openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers

It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle...

openssl: Divide-and-conquer session key recovery in SSLv2

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

SUSE-SU-2016:0620-1 Security update for openssl

This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

SUSE-SU-2016:0621-1 Security update for openssl

This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

DROWN Flaw Opens 33 Percent Of HTTPS Connections To Attack

Researchers revealed a massive transport layer security TLS vulnerability today that leaves millions of Internet users vulnerable to an attack that could expose passwords, credit card numbers and financial data. OpenSSL and others are urging companies to patch their web servers or risk exposure t...

Vulnerability in OpenSSL - Bleichenbacher oracle in SSLv2

This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address the vulnerability CVE-2015-0293. s2srvr.c overwrite the wrong bytes in the master-key when applying Bleichenbacher protection for export cipher suites. This provides a...

perfact::mpa Persistent Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-066 Product: perfact::mpa Manufacturer: PerFact Innovation GmbH & Co. KG Affected Versions: Custom versions using PerFact DBUtils Toolkit v3.2 Tested Versions: Custom version with PerFact DBUtils Toolkit v3.2 Vulnerability Typ...

Vulnerability in OpenSSL - Cross-protocol attack on TLS using SSLv2 (DROWN)

A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting...

WP Ultimate Exporter 1.0.0 - Reflected Cross-Site Scripting (XSS)

The Export WordPress Data with Advanced Filters WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

Shopify: Injection via CSV Export feature in Admin Orders

i found out that the filtering of "=,-,+" is not working in all data. there's a way to bypass it. 1. Create a product with title =cmd|' /C calc'!'D2' 2. Add variants more than 2 variants then save it. 3. Go to Orders Create Order 4. search the product we made =cmd|' /C calc'!'D2' 5. Add 2 variant...

Zendesk: Chat History CSV Export Excel Injection Vulnerability

I have found a vulnerability in the Chat History export function. If an attacker submits a special name containing a system command when chatting with an agent and that agent later exports the history of that chat to CSV, the resulting CSV may execute commands when opened. I have tested this usin...

MyScript Memo 3.0 Persistent Script Insertion

Document Title: =============== MyScript Memo v3.0 iOS - Mail Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1706 Release Date: ============= 2016-02-10 Vulnerability Laboratory ID VL-ID: ==================================== 170...

MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability

Document Title: =============== MyScript Memo v3.0 iOS - Mail Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1706 Release Date: ============= 2016-02-10 Vulnerability Laboratory ID VL-ID: ==================================== 170...

MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability

Document Title: =============== MyScript Memo v3.0 iOS - Mail Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1706 Release Date: ============= 2016-02-10 Vulnerability Laboratory ID VL-ID: ==================================== 170...

Government Promises Comment Period on Next Wassenaar Draft

It’s been months since the U.S. Commerce Department’s Bureau of Industry and Security pulled the U.S. implementation of the Wassenaar Arrangement off the table for an unusual rewrite of the rules governing so-called intrusion software. The overly broad rule drew the ire of security and privacy...

[SECURITY] Fedora 22 Update: phpMyAdmin-4.5.4-1.fc22

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

HackerOne: CSV Injection via the CSV export feature

Hi , I have managed to bypass your fix for 72785 by submitting a report with NewLine character 0x0a in the title before the CSV formula. Steps to reproduce: 1. As a researcher , Submit a report to a program with the title %0A-2+3+cmd|' /C calc'!D2 , here is an example request: POST...

SAML Raider - SAML2 Burp Extension

SAML Raider is a Burp Suite extension for testing SAML infrastructures. It contains two core functionalities: Manipulating SAML Messages and manage X.509 certificates. This software was created by Roland Bischofberger and Emanuel Duss during a bachelor thesis at the Hochschule für Technik...

[SECURITY] Fedora 22 Update: bind99-9.9.8-1.P2.fc22

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. This package set contains only export version of BIND libraries, that are used for building ISC DHCP...