270 matches found
Rockwell RSView32 Security Vulnerability Patched
Human machine interface software from Rockwell Automation has been patched, protecting users from a vulnerability in the way stored passwords are protected. The vulnerability was discovered in RSView32, versions 7.60.00 and earlier, according to an alert from the Industrial Control System Cyber...
SAP encryption algorithm vulnerability can lead to remote code execution or denial of service - vulnerability warning - the black bar safety net
An unexpected vulnerability has appeared in a widely used protocol: the data compression software of the SAP encryption algorithm can lead to remote code execution and denial-of-service vulnerabilities. These problems arise because the coding of the SAP encryption algorithm uses a popul...
SSL/TLS Suffers ‘Bar Mitzvah Attack’ vulnerability: detection method and repair recommendations - vulnerability warning - the black bar safety net
0x01 Introduction. April Fool's Day is coming, and SSL is once again troubling everyone, this time because of the Bar Mitzvah Attack vulnerability. At the Black Hat Asia security conference held in Singapore, Imperva security director Itsik Mantin described in detail how to use the attack principle, the...
CVE-2014-6321 schannel heap overflow vulnerability analysis - vulnerability warning - the black bar safety net
0x00 Background. MS14-066 (CVE-2014-6321) is a TLS heap buffer overflow vulnerability in Microsoft's schannel.dll. The following analyzes its principle and PoC structure. 0x01 SSL/TLS principle description. HTTPS is HTTP over SSL/TLS; all HTTP data is in the SSL/TLS Protoco...
CVE-2014-3566 SSLv3 POODLE principle analysis - vulnerability warning - the black bar safety net
0x00 Background. The POODLE attack is a padding oracle attack against CBC-mode encryption in SSLv3. It is much like the earlier BEAST attack and can allow an attacker to obtain part of the plaintext of an SSL communication, such as cookies. And the BEAST is...
More 1024-Bit Certificates to Be Deprecated in Firefox
When Mozilla released Firefox 32 last week, the company removed several root certificates from the trust store for the browser. The move wasn’t because the certificates were fraudulent or the CAs that issued them were compromised, but because the certificates use 1024-bit keys. This is the first...
OracleAS TopLink Mapping Workbench Weak Encryption Algorithm Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9515/info OracleAS TopLink Mapping Workbench is a tool included with OracleAS TopLink, a Java-based database integration development framework that is included as a component of various Oracle Application Server releases...
Computer Associates Unicenter Asset Manager Stored Secret Data Decryption Weakness
No description provided by source. source: http://www.securityfocus.com/bid/7808/info It has been reported that Unicenter Asset Manager stores password information in a way that may be easily recovered. Because of this, an attacker may be able to gain access to potentially sensitive resources...
Apple Mac OS <= 8 8.6 Weak Password Encryption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/519/info The encryption algorithm in MacOS system is simple and the password can be easily decoded. Password is stored in Users & Groups Data File in Preferences folder. Offset is different on each system and depends on...
Quinn "the Eskimo" and Peter N. Lewis Internet Config 1.0/2.0 Weak Password Encryption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/546/info Internet Config is a third-party freeware utility for MacOS. It provides a means of centralizing frequently-required connection information, including passwords, for use by several programs. The passwords are...
The negotiation of encryption algorithm is failed
Challenge: When trying to restore files from a Veeam appliance to the original location using Other OS restore, the following error is received: "The negotiation of encryption algorithm is failed". Cause: Between Linux flavors, certain Ciphers may be enabled or disabled by default or by local policy...
ESPCMS latest V5.8.14.03.03 UTF8 official release brute-force injection
Brief description: The tragedy of a weak encryption algorithm: forged login as any user, injection, a series of problems. Detailed description: /public/classdbmysql.php line 144 function eccode$string, $operation = 'DECODE', $key = '@LFK24s224%@safS3s%1f%', $mcrype = true $result = null; if $operation == 'ENCODE' for $i = 0; $i fun-setcookie'ecispmemberusername', $this-fun-eccode$memberread'username',...
Microsoft .NET Framework 'RC4' Information Disclosure Vulnerability (2960358)
This host is missing an important security update according to Microsoft Security Advisory 2960358. OpenVAS Vulnerability Test $Id: gbmicrosoftsecurityadvisory2960358.nasl 5365 2017-02-20 13:46:09Z cfi $ Microsoft .NET Framework 'RC4' Information Disclosure Vulnerability 2960358 Authors: Thanga...
NIST removes Dual EC DRBG from SP 800-90A
The maligned Dual EC DRBG random number generator at the core of a $10 million secret contract between RSA Security and the National Security Agency has been removed from NIST’s draft guidance on random number generators. The National Institute for Standards and Technology said it will request...
MobileIron VSP / Sentry Authentication Bypass
Matta Consulting - Matta Advisory https://www.trustmatta.com MobileIron Multiple Products Authentication Bypass Vulnerability Advisory ID: MATTA-2013-004 CVE reference: CVE-2014-1409, CVE-2013-7286 Affected platforms: VSP and Sentry Version: VSP...
Cracking and fixing the amount check algorithm of a university campus card - vulnerability warning - the black bar safety net
The campus card is a Mifare Classic card, not the original card. Its encryption is very simple, and all the cards use the same key, so this vulnerability allows the amount to be modified and used for any on-campus purchase!! Then you can use the phone This is to read the key, just encrypt 1 Sector to! And ver...
ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability
EMC Identifier: ESA-2013-029 CVE Identifier: CVE-2013-0941 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected Products: RSA Authentication API versions prior to 8.1 SP1 RSA Web Agent for Apache Web Server versions prior to 5.3.5 RSA Web Agent for IIS versions prior to...
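Tipask 2.0: cracking the encryption function leads to arbitrary user password modification
Brief description: The Tipask Q&A system is an open-source PHP program modeled on Baidu Zhidao. Designed around the habits of Chinese users and built on an MVC architecture, the system is fast, SEO-friendly, and has a clean, simple interface. However, the encryption algorithm used in Tipask can potentially be cracked, which leads to vulnerabilities including arbitrary user password modification. Detailed description: In the core encryption function strcode: / General encryption/decryption function; phpwind, phpcms and dedecms all use this function / function strcode$string, $authkey, $action= 'ENCODE' $key = substrmd5$SERVER "HTTPUSERAGENT"...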
Design/Logic Flaw
IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8...
CVE-2013-0523
IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8...