5460 matches found

BDU FSTEC
added 2015/10/21 12:0 a.m., 7 views

The vulnerability of Schneider Electric’s Quantum Ethernet Module allows a remote intruder to gain privileged access to the system.

The vulnerability of Schneider Electric’s Quantum Ethernet Module is related to the presence of rigidly encrypted data for default authentication through ports such as TELNET, FTP, or Windriver Debug for accounts like AUTCSE, AUTCSE, fdrusers, ftpuser, loader, nic2212, nimrohs2212, nip2212,...

CVSS 10 | AI score 7.8 | EPSS 0.0404
Exploits: 1 | References: 7

Node.js
added 2015/10/17 7:41 p.m., 26 views

Denial of Service

Overview: Versions of yar prior to 2.2.0 are affected by a denial of service vulnerability related to an invalid encrypted session cookie value. When an invalid encrypted session cookie value is provided, the process will crash. Recommendation: Update to version 2.2.0 or later. References: Issue 34...

AI score 4.6 | EPSS 0.02591
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2015/10/15 12:0 a.m., 35 views

Ubuntu 14.04 LTS : Apache Commons HttpClient vulnerabilities (USN-2769-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2769-1 advisory. It was discovered that Apache Commons HttpClient did not properly verify the Common Name or subjectAltName fields of X.509 certificates. An attacker coul...

CVSS 5.8 | AI score 6.4 | EPSS 0.19312
Exploits: 1 | References: 5

Ubuntu
added 2015/10/14 3:43 p.m., 350 views

USN-2769-1: Apache Commons HttpClient vulnerabilities

It was discovered that Apache Commons HttpClient did not properly verify the Common Name or subjectAltName fields of X.509 certificates. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. This issue only affect...

CVSS 5.8 | AI score 6.5 | EPSS 0.19312
Exploits: 1

myhack58
added 2015/10/12 12:0 a.m., 16 views

Avast antivirus 0day vulnerability exposed, allowing malicious code execution on users' computers

Google security expert Tavis Ormandy found a 0day vulnerability in Avast antivirus that could let attackers break into a user's computer and execute malicious code on it. Tavis Ormandy recently found a serious 0day vulnerability in Avast antivirus. And just...

AI score 1.2
Exploits: 0

The Hacker News
added 2015/10/10 9:18 p.m., 10 views

Apple Kicks Out some Malicious Ad-Blocker Apps from its Online Store

Apple has removed several apps from its official iOS App Store that have the ability to compromise encrypted connections between the servers and the end-users. Apple has officially said: We have removed a "few" apps from the iOS App Store that could install root certificates and allow monitoring...

AI score 6.4
Exploits: 0

ThreatPost
added 2015/10/09 2:23 p.m., 16 views

Apple Removes Apps That Expose Encrypted Traffic

Apple has purged its App Store of a number of apps that expose encrypted traffic via the installation of root certificates. Apple has declined to name the apps. “Apple has removed a few apps from the App Store that install root certificates that could allow monitoring of data,” Apple said today i...

AI score 0.3
Exploits: 0 | References: 5

Prion
added 2015/09/18 12:0 p.m., 15 views

Design/Logic Flaw

The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors...

CVSS 4.3 | AI score 6.2 | EPSS 0.01222
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2015/09/18 11:0 a.m., 20 views

CVE-2015-5851

The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack...

CVSS 2.1 | AI score 4.7 | EPSS 0.00358
Exploits: 0 | References: 6

Cvelist
added 2015/09/18 10:0 a.m., 25 views

CVE-2015-5920

The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors...

AI score 5.8 | EPSS 0.01222
Exploits: 0 | References: 3

CVE
added 2015/09/18 10:0 a.m., 51 views

CVE-2015-5851

CVE-2015-5851 affects Apple iOS Multipeer Connectivity. The issue: the convenience initializer could downgrade an encrypted session to unencrypted, enabling a local attacker to observe cleartext multipeer data. Affected product/version: iOS before 9. The root cause, per the vulnerability content,...

CVSS 2.1 | AI score 5.4 | EPSS 0.00358
Exploits: 0 | References: 6 | Affected Software: 1

CNVD
added 2015/09/17 12:0 a.m., 2 views

Apple iTunes Open Redirect Vulnerability

iTunes is a digital media playback application. Apple iTunes suffers from an open redirection vulnerability that can be exploited by an attacker to obtain encrypted SMB credentials...

CVSS 4.3 | AI score 6.7 | EPSS 0.01222
Exploits: 0 | References: 1

CNVD
added 2015/09/16 12:0 a.m., 3 views

Impero Education Pro Incorrect Authentication Vulnerability

Impero Education Pro is an education management solution from Impero, Inc. that integrates classroom management, desktop management, and computer monitoring software into one package. A security vulnerability exists in Impero Education Pro versions prior to 5105. As the program performs...

CVSS 10 | AI score 7.7 | EPSS 0.02643
Exploits: 0 | References: 1

Packet Storm
added 2015/09/16 12:0 a.m., 41 views

Kirby CMS 2.1.0 Authentication Bypass / Traversal

Release date: 14.09.2015. Discovered by: Dawid Golunski. Severity: Medium/High. I. VULNERABILITY: Kirby CMS = 2.1.0 Authentication Bypass via Path Traversal. II. BACKGROUND...

AI score 0.2
Exploits: 0

NVD
added 2015/09/14 2:59 p.m., 21 views

CVE-2015-5998

Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command...

CVSS 10 | AI score 7.5 | EPSS 0.02643
Exploits: 0 | References: 1

Prion
added 2015/09/14 2:59 p.m., 19 views

Command injection

Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command...

CVSS 10 | AI score 8 | EPSS 0.02643
Exploits: 0 | References: 1 | Affected Software: 1

n0where
added 2015/09/06 7:25 p.m., 27 views

Decentralized P2P Websites: ZeroNet

Decentralized P2P websites using Bitcoin crypto and the BitTorrent network. ZeroNet uses Bitcoin cryptography and BitTorrent technology to build a decentralized censorship-resistant network. Users can publish static or dynamic websites into ZeroNet and visitors can choose to also serve the website...

Exploits: 0 | References: 5

Japan Vulnerability Notes
added 2015/09/01 12:0 a.m., 31 views

JVN#81207766: Rakuten card App for iOS fails to verify SSL server certificates

Rakuten card App for iOS provided by Rakuten Card Co., Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided ...

CVSS 7.4 | AI score 7 | EPSS 0.01026
Exploits: 0

Fedora
added 2015/08/27 11:52 p.m., 62 views

[SECURITY] Fedora 21 Update: openssh-6.6.1p1-16.fc21

SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

CVSS 8.5 | AI score 2 | EPSS 0.09302
Exploits: 1

Kitploit
added 2015/08/27 3:44 p.m., 17 views

NetRipper - Smart Traffic Sniffing for Penetration Testers

NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption. NetRipp...

AI score 7.3
Exploits: 0 | References: 1