CVE-2016-6329

Removed by vendor...

Facebook Unveils 'Delegated Recovery' to Replace Traditional Password Recovery Methods

How do you reset the password for your Facebook account if your primary email account also gets hacked? Using SMS-based security code or maybe answering the security questions? Well, it's 2017, and we are still forced to depend on insecure and unreliable password reset schemes like email-based or...

CVE-2016-6329

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

CVE-2016-10102

hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and...

Information disclosure

Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager...

CVE-2016-10104

Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to an...

CVE-2016-10101

Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager...

Information disclosure

Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to an...

CVE-2016-10101

Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager...

CVE-2016-10101

CVE-2016-10101 affects Hitek Software Automize (10.x/11.x) via the passManager.jsd module. The vulnerability stems from information disclosure: attackers with Read access can recover the encrypted password to access the Password Manager. Documentation notes the impact as information disclosure an...

Privilege escalation vulnerabilities in IBM System Networking Switch Center and Lenovo Switch Center

Lenovo Security Advisory:LEN-2015-074, LEN-2746 Potential Impact: Escalation of Privileges Severity: High Summary: Multiple vulnerabilities have been identified in the following products: - IBM System Networking Switch Center - Lenovo Switch Center Description: Lenovo Switch Center, previously...

chisel - A fast TCP tunnel over HTTP

Chisel is a fast TCP tunnel, transported over HTTP. Single executable including both client and server. Written in Go Golang. Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar to crowbar though...

Lavabit — Encrypted Email Service Once Used by Snowden, Is Back

Texas-based Encrypted Email Service 'Lavabit,' that was forced to shut down in 2013 after not complying with a court order demanding access to SSL keys to snoop on Edward Snowden's emails, is relaunching on Friday. Lavabit CEO Ladar Levison had custody of the service's SSL encryption key that cou...

FLR Fails When VMDK Is Encrypted With HyTrust

Challenge Attempting to restore guest files using Windows File Level Restore fails when the machine's VMDKs were encrypted using HyTrust. Cause As the VMDKs are encrypted, they can not be mounted to be browsed using the File Level Restore browser. Solution To work around this issue, review KB1459...

ProtonMail Gets Own Tor-Accessible .Onion Hidden Service

Users of the encrypted email service ProtonMail looking for an extra layer of security now have the option of accessing their inbox directly through the Tor network. ProtonMail, originally developed by CERN and MIT scientists, announced Thursday it had added its own Tor hidden service. According ...

Why WhatsApp's 'Backdoor' Isn't a Backdoor

Accusations that WhatsApp has a backdoor intended for eavesdropping on user messages is being loudly rebuked by Facebook-owned WhatsApp and Open Whisper Systems, the company that developed the underlying encryption technology for the platform. Dismissal of the published claims by The Guardian are...

Secure Your Enterprise With Zoho Vault Password Management Software

Recent data breaches have taught us something very important — online users are spectacularly bad at choosing their strong passwords. Today majority of online users are vulnerable to cyber attacks, not because they are not using any best antivirus or other security measures, but because they are...

GitHub Enterprise SQL injection vulnerability

作者：Orange 前言 GitHub Enterprise 是一款 GitHub.com 所出品，可將整個 GitHub 服務架設在自身企業內網中的應用軟體。 有興趣的話你可以從 enterprise.github.com 下載到多種格式的映像檔並從網頁上取得 45 天的試用授權! 安裝完成後，你應該會看到如下的畫面: 好!現在我們有整個 GitHub 的環境了，而且是在 VM 裡面，這代表幾乎有完整的控制權可以對他做更進一步的研究，分析環境、程式碼以及架構等等... 環境 身為一個駭客，再進行入侵前的第一件事當然是 Port Scanning! 透過 Nmap 掃描後發現 VM 上一...

[SECURITY] Fedora 25 Update: openssh-7.4p1-1.fc25

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

Parrot Security 3.3 - Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind

Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own softwares or protect your privacy with anonymity and crypto tools...