CVE-2015-5998

Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command...

Command injection

Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command...

Decentralized P2P Websites: ZeroNet

Decentralized P2P websites using Bitcoin crypto and the BitTorrent network ZeroNet uses Bitcoin cryptography and BitTorrent technology to build a decentralized censorship-resistant network. Users can publish static or dynamic websites into ZeroNet and visitors can choose to also serve the website...

JVN#81207766: Rakuten card App for iOS fails to verify SSL server certificates

Rakuten card App for iOS provided by Rakuten Card Co., Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided ...

[SECURITY] Fedora 21 Update: openssh-6.6.1p1-16.fc21

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

NetRipper - Smart Traffic Sniffing for Penetration Testers

NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption. NetRipp...

QNAP crypto keys logged on unencrypted disk partition in world accessible files

Affected devices: ================= Probably all QNAP devices running the QNAP modified 3.12.6 kernel with firmware older than 4.1.4 Build 0804. Verified on TS-453S Pro and TVS-471, both with Firmware 4.1.4 Build 0522. Probably fixed with Firmware 4.1.4 Build 0804 incriminating message gone, thou...

EMC Documentum D2 Information Disclosure Vulnerability (CNVD-2015-05464)

EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. A security vulnerability in the Lockbox component of EMC Documentum D2 4.2 and prior versions when saving a password in an encrypted file can be exploite...

Smart Traffic Sniffing: NetRipper

Smart Traffic Sniffing NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before...

CVE-2015-5965

The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field...

CVE-2015-5965

Fortinet FortiOS SSL-VPN before 4.3.13 is affected by CVE-2015-5965: the TLS MAC in finished messages is only validated by the first byte, enabling a remote attacker to spoof encrypted content via a crafted MAC field. This vulnerability, documented in multiple sources, could lead to disclosure of...

Sen. Warren Worried About Banks' New Encrypted Messaging Platform

UPDATE–The list of politicians in Washington wringing their hands over the increasing use of encryption by consumers and businesses is growing longer by the day. Sen. Elizabeth Warren added her name to that list on Monday. Warren D-Mass. sent a letter to Attorney General Loretta Lynch expressing...

FireFox file stealing 0day vulnerability has been hacked“real”use, the official emergency release to fix patch-bug warning-the black bar safety net

In Russia a web site, the researchers found a Firefox serious 0day exploits program Exp code, you can steal Windows and Linux users on the computer file. This security event is forcing Mozilla to the official emergency release patch. Vulnerability description The vulnerability is caused by the...

FireMaster - The Firefox Master Password Cracking Tool

FireMaster is the First ever tool to recover the lost Master Password of Firefox. Master password is used by Firefox to protect the stored loign/password information for all visited websites. If the master password is forgotten, then there is no way to recover the master password and user will lo...

[SECURITY] Fedora 21 Update: openssh-6.6.1p1-15.fc21

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

[SECURITY] Fedora 22 Update: openssh-6.9p1-4.fc22

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

[SECURITY] Fedora 22 Update: openssh-6.9p1-3.fc22

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

Introducing 93Gbps High-Speed Tor-Like Encrypted Anonymous Network

I think you'll agree with me when I say: It's quite hard to maintain anonymity on the Internet using the slow Tor network. Or is it? Well, it turns out, you may soon boost your online anonymity dramatically with the help of a new high-speed anonymity network. A group of six academics have develop...

SolarWinds N-Able N-Central Information Disclosure Vulnerability

SolarWinds N-Able N-Central is a suite of agent-based enterprise support and management solutions from SolarWinds USA. A information disclosure vulnerability exists in SolarWinds N-Able N-Central versions prior to 9.5.1.4514, which can be exploited to obtain a plaintext domain administrator...

kernel: buffer overflow in eCryptfs

A buffer overflow flaw was found in the way the Linux kernel's eCryptfs implementation decoded encrypted file names. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system...