5397 matches found
Zebedee encrypted tunnel server DoS
Some internal protocol header parameters lead to an assert in the server application...
filezillaWeak.txt
Title: FileZilla weakly-encrypted password vulnerability Risk: HIGH Credits: pagvac Adrian Pastor Date found: 6th August, 2005 Homepage: www.ikwt.com www.adrianpv.com E-mail: m123303 - at - richmond.ac.uk Background: FileZilla is the most...
symantecPassword.txt
The vulnerability has been identified and confirmed in versions 9.0.1.x and 9.0.4.x. I am fairly certain that it exists in all releases of version 9 and possibly other versions as well. Essentially, the program can be configured to receive updates via Symantec's or an Internal Live update server...
CVE-2004-2348
CVE-2004-2348 affects Sybari AntiGen for Domino 7.0 Build 722 SR2. The vulnerability allows remote attackers to cause a denial of service (hang) by processing an encrypted ZIP file with the “include full path info” option, as observed in variants of the Beagle/Bagle worm. The available documents ...
CVE-2004-2348
Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to cause a denial of service (hang) via an encrypted ZIP file with the "include full path info" option set, as used by certain variants of the Beagle/Bagle worm...
ultimatedisclose.txt
Update: 12:15 AM 5/14/2005 Subject: "Ultimate Forum Password Database Vulnerability" Vulnerable version: Ultimate Forum 1.0 Description: Ultimate Forum is an open forum, i.e. no logon restrictions or private areas. The forum is text-file based. Each forum is multithreaded and stored in a separate...
FreeBSD : gnupg -- OpenPGP symmetric encryption vulnerability (8375a73f-01bf-11da-bc08-0001020eed82)
Serge Mister and Robert Zuccherato report that the OpenPGP protocol is vulnerable to a cryptographic attack when using symmetric encryption in an automated way. David Shaw reports about the impact: This attack, while very significant from a cryptographic point of view, is not generally effectiv...
CVE-2005-2395
Mozilla Firefox 1.0.4 and 1.0.5 do not choose the challenge with the strongest authentication scheme available as required by RFC 2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available...
IBM Lotus Domino HTML Hidden Field Encrypted Password Disclosure
The remote host is running a version of Lotus Domino Server that is prone to several information disclosure vulnerabilities. Specifically, users' password hashes and other data are included in hidden fields in the public address book 'names.nsf' readable by default by all users. Moreover, Domino...
CVE-2002-1696
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted...
RHEL 2.1 : openssh (RHSA-2005:481)
Updated openssh packages that fix a potential security vulnerability and various other bugs are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol...
Low: Red Hat Security Advisory: openssh security update
Updated openssh packages that fix a potential security vulnerability and various other bugs are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol...
Linux Kernel Cryptoloop encrypted filesystem weak encryption
A weak IV (initialization vector) generation algorithm allows data watermarking, making it possible to detect data in the filesystem...
Linux Kernel 2.6.x - Cryptoloop Information Disclosure
source: https://www.securityfocus.com/bid/13775/info Both cryptoloop and dm-crypt are reported prone to an information disclosure vulnerability. Reports indicate that certain watermarked files may be detected on a filesystem that is encrypted...
CVE-2005-1733
Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt...
CVE-2005-1733
CVE-2005-1733 affects Cookie Cart: password file passwd.txt is stored under the web document root with insufficient access control, enabling remote retrieval of usernames and encrypted passwords via a direct request. CVSS v2 base score 5.0 (Medium). No exploitation details or fixes are provided i...
[SA15374] Ultimate Forum Exposure of Encrypted User Credentials
TITLE: Ultimate Forum Exposure of Encrypted User Credentials...
Insecure pty permissions in OS X < 10.4
Hi all. Mac OS X 10.3.x and earlier doesn't provide any mechanism for non-setuid-root programs to change permissions on ptys. Hence xterms, screen sessions, and Terminal.app windows with explicitly specified commands are vulnerable to tty sniffing. Note that using Terminal.app's standard terminal...