5397 matches found
CVE-2010-4764
Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation...
Twitter offers encryption to beat hackers!
Twitter is offering users better protection from hackers with a new option to always use an encrypted connection to access its microblogging service. The measure is particularly designed to defend those who access Twitter via unsecured public Wi-Fi networks, which can make it easy for hackers to...
CVE-2011-1431
The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TL...
CVE-2011-1432
The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...
Command injection
The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TL...
CVE-2011-1430
Technical details for CVE-2011-1430 are not present in the connected documents. The initial description states a STARTTLS plaintext command-injection issue in Ipswitch IMail 11.03 and earlier, but no vendor/product/version/root-cause or remediation details are provided.
IMAP Service STARTTLS Plaintext Command Injection
The remote IMAP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to...
SMTP Service STARTTLS Plaintext Command Injection
The remote SMTP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to...
POP3 Service STLS Plaintext Command Injection
The remote POP3 service contains a software flaw in its STLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to ste...
CVE-2011-1322
The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages...
Cain & Abel v4.9.39 updated version Download!
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords,...
HP Data Protector Client agent EXEC_SETUP code execution
Added: 03/03/2011. CVE: CVE-2011-0922. BID: 46234. OSVDB: 72525. Background: HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem: The backup agent provided by the Data Protector Backup Client Service may be instructed to execute a setup file from...
AIX 5.3 TL 12 : bos.net.tcp.client (U838600)
The remote host is missing AIX PTF U838600, which is related to the security of the package bos.net.tcp.client. There is a buffer overflow vulnerability in the ftp server. By issuing an overly long NLST command, an attacker may cause a buffer overflow. The successful exploitation of this...
AIX 5.3 TL 11 : bos.net.tcp.client (U838020)
The remote host is missing AIX PTF U838020, which is related to the security of the package bos.net.tcp.client. There is a buffer overflow vulnerability in the ftp server. By issuing an overly long NLST command, an attacker may cause a buffer overflow. The successful exploitation of this...
CVE-2011-1068
Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obtain potentially sensitive information by...
Nokia under scanner of Indian Intelligence Agency for its Push Email service and SMS!
The Department of Telecommunication (DOT) has been asked by the Intelligence Bureau (IB) to stop the messaging services of Nokia in India until they can be monitored. Once again security concerns have clouded the Intelligence department's mind, and the incident is not the first of its kind. Earlier too similar...
PandaLabs Predicts Major Cybersecurity Trends for 2011
PandaLabs, the antimalware laboratory of Panda Security, has predicted several major cybersecurity threats for 2011. These include hacktivism, cyber warfare, profit-driven malware, social engineering, and adaptive malicious codes. Additionally, there will be increased threats to Mac users, new...
New Intel Chips Support SMS Kill Switch
Anti Theft 3 chips can be disabled via 3G networks. New computer processors from Intel Corp, due out in 2011, can be disabled using an SMS “poison pill” message sent over any 3G cellular network, according to Intel documentation. The new anti-theft...