5455 matches found

Prion
added 2017/01/23 7:59 a.m. (10 views)

Information disclosure

Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager...

CVSS 4.3 | AI score 7.1 | EPSS 0.00595
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2017/01/23 7:59 a.m. (9 views)

Information disclosure

Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to an...

CVSS 4.3 | AI score 6.9 | EPSS 0.00574
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2017/01/23 6:49 a.m. (13 views)

CVE-2016-10101

Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager...

AI score 8 | EPSS 0.00595
Exploits: 0 | References: 2

CVE
added 2017/01/23 6:49 a.m. (37 views)

CVE-2016-10101

CVE-2016-10101 affects Hitek Software Automize (10.x/11.x) via the passManager.jsd module. The vulnerability stems from information disclosure: attackers with Read access can recover the encrypted password to access the Password Manager. Documentation notes the impact as information disclosure an...

CVSS 8.1 | AI score 7.8 | EPSS 0.00595
Exploits: 0 | References: 2 | Affected Software: 1

Lenovo
added 2017/01/23 12:0 a.m. (68 views)

Privilege escalation vulnerabilities in IBM System Networking Switch Center and Lenovo Switch Center

Lenovo Security Advisory: LEN-2015-074, LEN-2746. Potential Impact: Escalation of Privileges. Severity: High. Summary: Multiple vulnerabilities have been identified in the following products: IBM System Networking Switch Center, Lenovo Switch Center. Description: Lenovo Switch Center, previously...

CVSS 7.2 | AI score 6.7 | EPSS 0.01413
Exploits: 0

Kitploit
added 2017/01/21 2:7 p.m. (661 views)

chisel - A fast TCP tunnel over HTTP

Chisel is a fast TCP tunnel, transported over HTTP. It is a single executable that includes both client and server, written in Go (Golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar to crowbar though...

AI score 7.5
Exploits: 0 | References: 5

The Hacker News
added 2017/01/20 9:4 p.m. (29 views)

Lavabit — Encrypted Email Service Once Used by Snowden, Is Back

Texas-based Encrypted Email Service 'Lavabit,' that was forced to shut down in 2013 after not complying with a court order demanding access to SSL keys to snoop on Edward Snowden's emails, is relaunching on Friday. Lavabit CEO Ladar Levison had custody of the service's SSL encryption key that cou...

AI score 6.7
Exploits: 0

Veeam
added 2017/01/20 12:0 a.m. (12 views)

FLR Fails When VMDK Is Encrypted With HyTrust

Challenge: Attempting to restore guest files using Windows File Level Restore fails when the machine's VMDKs were encrypted using HyTrust. Cause: As the VMDKs are encrypted, they cannot be mounted to be browsed using the File Level Restore browser. Solution: To work around this issue, review KB1459...

AI score 6.9
Exploits: 0

ThreatPost
added 2017/01/19 2:25 p.m. (18 views)

ProtonMail Gets Own Tor-Accessible .Onion Hidden Service

Users of the encrypted email service ProtonMail looking for an extra layer of security now have the option of accessing their inbox directly through the Tor network. ProtonMail, originally developed by CERN and MIT scientists, announced Thursday it had added its own Tor hidden service. According ...

AI score 7
Exploits: 0 | References: 8

ThreatPost
added 2017/01/17 10:24 a.m. (13 views)

Why WhatsApp's 'Backdoor' Isn't a Backdoor

Accusations that WhatsApp has a backdoor intended for eavesdropping on user messages are being loudly rebuked by Facebook-owned WhatsApp and Open Whisper Systems, the company that developed the underlying encryption technology for the platform. Dismissal of the published claims by The Guardian are...

AI score 6.8
Exploits: 0 | References: 4

The Hacker News
added 2017/01/10 11:39 p.m. (17 views)

Secure Your Enterprise With Zoho Vault Password Management Software

Recent data breaches have taught us something very important: online users are spectacularly bad at choosing strong passwords. Today the majority of online users are vulnerable to cyber attacks, not because they are not using the best antivirus or other security measures, but because they are...

AI score 6.9
Exploits: 0

seebug.org
added 2017/01/10 12:0 a.m. (64 views)

GitHub Enterprise SQL injection vulnerability

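Author: Orange. Preface: GitHub Enterprise is application software produced by GitHub.com that lets you host the entire GitHub service inside your own corporate intranet. If you are interested, you can download images in several formats from enterprise.github.com and get a 45-day trial license from the website! Once installation is complete, you should see the following screen: Good! Now we have the whole GitHub environment, and it is inside a VM, which means we have almost complete control to study it further: analyze the environment, the code, the architecture and so on... Environment: As a hacker, the first thing to do before an intrusion is of course port scanning! After scanning with Nmap, we found that the VM ...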

AI score 8
Exploits: 0

Fedora
added 2017/01/06 8:25 p.m. (54 views)

[SECURITY] Fedora 25 Update: openssh-7.4p1-1.fc25

SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

CVSS 7.5 | AI score 2 | EPSS 0.37431
Exploits: 7

Kitploit
added 2016/12/29 2:30 p.m. (32 views)

Parrot Security 3.3 - Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind

Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own software or protect your privacy with anonymity and crypto tools...

AI score 7
Exploits: 0

ThreatPost
added 2016/12/23 9:21 a.m. (8 views)

Apple Delays App Transport Security Deadline

Apple backtracked on its plan to enforce a year-end deadline that would have required developers to move apps to an HTTPS-only model in an effort to thwart eavesdropping on insecure, plaintext HTTP connections. On Wednesday, Apple said a requirement for developers to adopt App Transport Security wou...

AI score 6.7
Exploits: 0 | References: 4

OSV
added 2016/12/20 6:59 a.m. (3 views)

CVE-2016-7270

The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure...

CVSS 7.5 | AI score 5.9 | EPSS 0.20008
Exploits: 0 | References: 3

Cvelist
added 2016/12/20 5:54 a.m. (34 views)

CVE-2016-7270

The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure...

AI score 7.4 | EPSS 0.20008
Exploits: 0 | References: 3

Zero Day Initiative
added 2016/12/19 12:0 a.m. (51 views)

Mozilla Firefox ClearKeyDecryptor Heap Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 6.8 | AI score 2.8 | EPSS 0.04615
Exploits: 0 | References: 1

Cvelist
added 2016/12/16 9:2 a.m. (26 views)

CVE-2013-1430

An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file /.vnc/sesman$usernamepasswd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key...

AI score 8.2 | EPSS 0.01326
Exploits: 0 | References: 3

ThreatPost
added 2016/12/14 12:21 p.m. (30 views)

Flash Player Bug An Eavesdropper's Delight

Adobe yesterday patched a not-so-sweet 16 Flash Player vulnerabilities, including a zero day under attack. While not much is known about the targeted attacks using the Flash Player bug, or its victims, details have surfaced on another patched flaw that is a potential privacy nightmare...

CVSS 10 | AI score 8.9 | EPSS 0.18786
Exploits: 0 | References: 4