inn -- plaintext command injection into encrypted channel
INN developers report: Fixed a possible plaintext command injection during the negotiation of a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer upon a successful negotiation of a TLS layer. It prevents...
8 million passwords dumped from gaming website Gamigo
Four months after the gaming site Gamigo warned users about a hacker intrusion that accessed some portions of its users' credentials, more than 8 million usernames, emails and encrypted passwords from the site have been published on the Web, according to the data breach alert service PwnedLis...
Mozilla Releases Firefox 14.01 With Secure Google Search By Default
Mozilla has released Firefox 14.01, a new version of its browser which now includes encrypted Google search by default, as well as improvements to the address bar to make the identity of a site owner and the security of its connection clearer. The biggest change in Firefox 14.01 is the addition o...
Millions of Passwords leaked from Social Site Formspring
Formspring, a social Q&A website popular with teenagers, this week disabled its users' passwords after discovering a security breach. Formspring founder and CEO Ade Olonoh apologized to users for the inconvenience, and advised them to change their passwords when they log back into Formspring. A bl...
RHEL 5 / 6 : postgresql and postgresql84 (RHSA-2012:1037)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1037 advisory. - BSD crypt: DES encrypted password weakness CVE-2012-2143 - postgresql: Ability of database owners to install procedural languages via...
RHEL 5 : postgresql (RHSA-2012:1036)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1036 advisory. - BSD crypt: DES encrypted password weakness CVE-2012-2143 Note that Nessus has not tested for this issue but has instead relied only on the...
Network UPS Tools Cleartext Authentication
The remote Network UPS Tools does not support exchanging credentials through an encrypted channel. An unauthenticated, remote attacker can exploit this to perform a man-in-the-middle attack, intercept credentials, and alter the settings on the UPS that the server manages.
MySQL Authentication Bypass Password Dump
This module exploits a password bypass vulnerability in MySQL in order to extract the usernames and encrypted password hashes from a MySQL server. These hashes are stored as loot for later cracking. Impacts MySQL versions: - 5.1.x before 5.1.63 - 5.5.x before 5.5.24 - 5.6.x before 5.6.6 And...
Phil Zimmermann Returns With Silent Circle Voice and Data Privacy
If you use encryption products to protect your data or communications, you owe a debt of gratitude to Phil Zimmermann. Now, Zimmermann is aiming to collect on that debt with his new company, Silent Circle, a startup that will provide secure phone, email and SMS communications. Zimmermann has been...
Multiple XSS issues in Liferay
Multiple XSS issues in Liferay. Description: Liferay Portal is an enterprise portal written in Java. Multiple XSS vulnerabilities were found in Liferay. Because Liferay has a "remember me" option in their login screen that stores an encrypted password in a cookie, this is more problematic than it...
Google Chrome Multiple Vulnerabilities(02) - May 12 (Mac OS X)
This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgooglechromemultvulnmay12macosx.nasl 5912 2017-04-10 09:01:51Z teissa $ Google Chrome Multiple Vulnerabilities02 - May 12 Mac OS X Authors: Madhuri D Copyright: Copyright c 20...
CVE-2011-3112
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an invalid encrypted document...
Design/Logic Flaw
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an invalid encrypted document...
CVE-2011-3112
Removed by vendor...
CVE-2011-3112
CVE-2011-3112 is a use-after-free vulnerability in Google Chrome’s PDF functionality. The flaw allows remote attackers to cause a denial of service or possibly other impact via an invalid encrypted PDF document. The affected component is Chrome’s PDF handling code; the vulnerability is associated...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 117409 High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community Brett Wilson. 118018 Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team Inferno. 120912 High CVE-2011-3105: Use-after-free...
November 2011 – Steam Hack
Steam, an online distribution network that hosts countless video game catalogs, was struck down in November last year after a hacker was able to bypass the site’s message boards and databases. The hackers leaked 35 million customers’ information, including encrypted passwords, game purchases, email...
June 2011 – Bioware hacked, EA info compromised
Electronic Arts’ Bioware, creators of MMORPG Star Wars: The Old Republic and the popular Mass Effect and Dragon Age series, had a hacker infiltrate a decade-old server that was hosting the Neverwinter Nights forums in June 2011. While no social security numbers or credit cards were compromised, E...
Pidgin OTR Plugin Detection
The remote host has the Pidgin OTR (Off-the-Record) plugin installed. This plugin allows for secure, encrypted communication between parties using the Pidgin instant messaging software.