5460 matches found
Lansweeper Credential Collector
Lansweeper stores the credentials it uses to scan the computers in its Microsoft SQL database. The passwords are XTea-encrypted with a 68 character long key, in which the first 8 characters are stored with the password in the database and the other 60 is static. Lansweeper, by default, creates an...
Cisco IM and Presence Service Leaked Encrypted Passwords Privilege Escalation Vulnerability
A vulnerability in the Cisco IM and Presence Service could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to improper web page restrictions imposed by the affected software. An authenticated, remote attacker could exploit this vulnerability to access...
WordPress Encrypted Contact Form plugin cross-site request forgery vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Encrypted Contact Form plugin is a WordPress plugin that uses end-to-end encryption to send user information. A...
EUVD-2015-1916
The PKCS7dataDecodefunction in crypto/pkcs7/pk7doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a PKCS7 blob that uses ASN.1 encoding and lack...
UBUNTU-CVE-2015-1790
The PKCS7dataDecodefunction in crypto/pkcs7/pk7doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a PKCS7 blob that uses ASN.1 encoding and lack...
WordPress Plugin Encrypted Contact Form 1.0.4 - Cross-Site Request Forgery
WordPress Plugin Encrypted Contact Form 1.0.4 - Cross-Site Request Forgery Title: CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 Submitter: Nitin Venkatesh Product: Encrypted Contact Form Wordpress Plugin Product URL:...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the iframeurl parameter in an Update Page action in the...
CVE-2015-4010
Cross-site request forgery CSRF vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the iframeurl parameter in an Update Page action in the...
WordPress Encrypted Contact Form 1.0.4 CSRF / XSS
Title: CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 Submitter: Nitin Venkatesh Product: Encrypted Contact Form Wordpress Plugin Product URL: https://wordpress.org/plugins/encrypted-contact-form/ Vulnerability Type: Cross-site...
CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4
Title: CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 Submitter: Nitin Venkatesh Product: Encrypted Contact Form Wordpress Plugin Product URL: https://wordpress.org/plugins/encrypted-contact-form/ Vulnerability Type: Cross-site...
Dennis Fisher and Mike Mimoso on Facebook's Security Moves, GitHub's Audit and More
Dennis Fisher and Mike Mimoso discuss Facebook’s moves toward encrypted notifications and SHA-2 usage, the audit of GitHub SSH keys and the awesome OpenSesame garage door hack from Samy Kamkar. Download: digitalunderground206.mp3 Music by Chris Gonsalves...
SysAid Help Desk Database Credentials Disclosure
This module exploits a vulnerability in SysAid Help Desk that allows an unauthenticated user to download arbitrary files from the system. This is used to download the server configuration file that contains the database username and password, which is encrypted with a fixed, known key. This modul...
DEBIAN-CVE-2015-3331
The driverrfc4106decrypt function in arch/x86/crypto/aesni-intelglue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service buffer overflow and system crash or possibly...
CVE-2015-3331
CVE-2015-3331 affects the Linux kernel up to 3.19.2, where __driver_rfc4106_decrypt in arch/x86/crypto/aesni-intel_glue.c mishandles memory locations for encrypted data, enabling a context-dependent attacker to trigger a buffer overflow via a crypto API call (e.g., with a libkcapi test program us...
WordPress Encrypted Blog Plugin <= 0.0.6.2 - Arbitrary Site Redirection
This plugin is prone to an arbitrary site redirection via encryptblogform.php redirectto parameter. Solution Upgrade this plugin...
WordPress Encrypted Blog Plugin <= 0.0.6.2 - Reflected Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability via encryptblogform.php redirectto parameter. Solution Update the plugin...
WordPress Encrypted Blog Plugin <= 0.0.6.2 - Reflected Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability via encryptblogform.php redirectto parameter. Solution Update the plugin...
WordPress Encrypted Blog Plugin <= 0.0.6.2 - Arbitrary Site Redirection
This plugin is prone to an arbitrary site redirection via encryptblogform.php redirectto parameter. Solution Upgrade this plugin...
wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property
It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...
Grindr v2.1.1 iOS & Account System - Breach Attack
Document Title: =============== Grindr v2.1.1 iOS & Account System - Breach Attack References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1420 Release Date: ============= 2015-05-02 Vulnerability Laboratory ID VL-ID: ==================================== 1420...