Cisco Software Encryption Library Information Disclosure Vulnerability
Cisco software contains a vulnerability that could allow an unauthenticated, remote attacker to access sensitive information on a targeted system. The vulnerability is in the encryption library used by the vulnerable software. This library allows a portion of an encrypted packet to be sent...
[SECURITY] Fedora 17 Update: gnome-keyring-3.4.1-3.fc17
The gnome-keyring session daemon manages passwords and other types of secrets for the user, storing them encrypted with a main password. Applications can use the gnome-keyring library to integrate with the keyring...
FreeBSD : inn -- plaintext command injection into encrypted channel (a7975581-ee26-11e1-8bd8-0022156e8794)
INN developers report: Fixed a possible plaintext command injection during the negotiation of a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer upon a successful negotiation of a TLS layer. It prevents...
Default configuration
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack...
Default configuration
The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then...
CVE-2009-5119
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack...
inn -- plaintext command injection into encrypted channel
INN developers report: Fixed a possible plaintext command injection during the negotiation of a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer upon a successful negotiation of a TLS layer. It prevents...
8 million passwords dumped from gaming website Gamigo
Four months after the gaming site Gamigo warned users about a hacker intrusion that accessed some portions of its users' credentials, more than 8 million usernames, emails and encrypted passwords from the site have been published on the Web, according to the data breach alert service PwnedLis...
Mozilla Releases Firefox 14.01 With Secure Google Search By Default
Mozilla has released Firefox 14.01, a new version of its browser which now includes encrypted Google search by default, as well as improvements to the address bar to make the identity of a site owner and the security of its connection clearer. The biggest change in Firefox 14.01 is the addition o...
Millions of Passwords leaked from Social Site Formspring
Formspring, a social Q&A website popular with teenagers, this week disabled its users' passwords after discovering a security breach. Formspring founder and CEO Ade Olonoh apologized to users for the inconvenience, and advised them to change their passwords when they log back into Formspring. A bl...
RHEL 5 / 6 : postgresql and postgresql84 (RHSA-2012:1037)
The remote Red Hat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1037 advisory. - BSD crypt: DES encrypted password weakness CVE-2012-2143 - postgresql: Ability of database owners to install procedural languages via...
RHEL 5 : postgresql (RHSA-2012:1036)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1036 advisory. - BSD crypt: DES encrypted password weakness CVE-2012-2143 Note that Nessus has not tested for this issue but has instead relied only on the...
Network UPS Tools Cleartext Authentication
The remote Network UPS Tools does not support exchanging credentials through an encrypted channel. An unauthenticated, remote attacker can exploit this to perform a man-in-the-middle attack, intercept credentials, and alter the settings on the UPS that the server manages. C Tenable Network...
MySQL Authentication Bypass Password Dump
This module exploits a password bypass vulnerability in MySQL in order to extract the usernames and encrypted password hashes from a MySQL server. These hashes are stored as loot for later cracking. Impacts MySQL versions: - 5.1.x before 5.1.63 - 5.5.x before 5.5.24 - 5.6.x before 5.6.6 And...
Phil Zimmermann Returns With Silent Circle Voice and Data Privacy
If you use encryption products to protect your data or communications, you owe a debt of gratitude to Phil Zimmermann. Now, Zimmermann is aiming to collect on that debt with his new company, Silent Circle, a startup that will provide secure phone, email and SMS communications. Zimmermann has been...
Multiple xss issues in Liferay
Multiple XSS issues in Liferay. Description: Liferay Portal is an enterprise portal written in Java. Multiple XSS vulnerabilities were found in Liferay. Because Liferay has a "remember me" option in their login screen that stores an encrypted password in a cookie, this is more problematic than it...
Google Chrome Multiple Vulnerabilities(02) - May 12 (Mac OS X)
This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgooglechromemultvulnmay12macosx.nasl 5912 2017-04-10 09:01:51Z teissa $ Google Chrome Multiple Vulnerabilities02 - May 12 Mac OS X Authors: Madhuri D Copyright: Copyright c 20...
CVE-2011-3112
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an invalid encrypted document...
Design/Logic Flaw
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an invalid encrypted document...