8707 matches found

RedHat Linux
added 2015/07/15 12:1 p.m. | 7 views

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

CVSS 4.3 | AI score 6.6 | EPSS 0.9986
Exploits: 1 | References: 6

ThreatPost
added 2015/07/15 11:6 a.m. | 10 views

Coalition of Security Companies Forms to Oppose Wassenaar Rules

A large group of security companies have formed a coalition to oppose the proposed rules from the Department of Commerce that would regulate the export of so-called intrusion software, a broad term that researchers and legal experts are concerned would limit security research and development. The...

AI score 0.1
Exploits: 0 | References: 1

Patchstack
added 2015/07/15 12:0 a.m. | 9 views

WordPress Attachment Export Plugin <= 0.2.3 - Unauthenticated File Download

Because of this vulnerability, an unauthenticated user can download the XML data that holds all the details of attachments/posts on a Wordpress powered site. Solution Update the plugin...

AI score 1.7
Exploits: 0 | References: 2 | Affected Software: 1

WPVulnDB
added 2015/07/15 12:0 a.m. | 11 views

WP Attachment Export <= 0.2.3 - Unauthenticated File Download

The WP Attachment Export WordPress plugin was affected by an Unauthenticated File Download security vulnerability...

AI score 2.8
Exploits: 0 | References: 3 | Affected Software: 1

Packet Storm
added 2015/07/15 12:0 a.m. | 27 views

WordPress WP Attachment Export 0.2.3 Arbitrary File Download

Title: Arbitrary File Download in WP Attachment Export Wordpress Plugin v0.2.3 Submitter: Nitin Venkatesh Product: WP Attachment Export Wordpress Plugin Product URL: https://wordpress.org/plugins/wp-attachment-export/ Vulnerability Type: Arbitrary File Download Affected Versions: v0.2.3 Tested...

AI score 7.4
Exploits: 0

0day.today
added 2015/07/14 12:0 a.m. | 24 views

WordPress Image Export 1.1 Arbitrary File Download Vulnerability

WordPress Image Export plugin version 1.1 suffers from an arbitrary file download vulnerability. Title: Remote file download vulnerability in Wordpress Plugin image-export v1.1 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-01 Download Site: https://wordpress.org/plugins/image-export Vendor:...

AI score 7.2
Exploits: 0

Packet Storm
added 2015/07/14 12:0 a.m. | 21 views

WordPress Image Export 1.1 Arbitrary File Download

Title: Remote file download vulnerability in Wordpress Plugin image-export v1.1 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-01 Download Site: https://wordpress.org/plugins/image-export Vendor: www.1efthander.com Vendor Notified: 2015-07-05 Vendor Contact: https://twitter.com/1eftHander...

AI score 7
Exploits: 0

Kitploit
added 2015/07/10 3:31 p.m. | 75 views

Johnny - GUI for John the Ripper

Johnny is a cross-platform open-source GUI for the popular password cracker John the Ripper. Features 1. user could start, pause and resume attack though only one session is allowed globally, 2. all attack related options work, 3. all input file formats are supported pure hashes, pwdump, passwd,...

AI score 7.1
Exploits: 0

Exploit DB
added 2015/07/08 12:0 a.m. | 78 views

Blueberry Express 5.9.0.3678 - Local Buffer Overflow (SEH)

Document Title: =============== Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1535 Video: http://www.vulnerability-lab.com/getcontent.php?id=1537 Release Date: ============= 2015-06-29...

AI score 7.4
Exploits: 0

exploitpack
added 2015/07/08 12:0 a.m. | 27 views

Blueberry Express 5.9.0.3678 - Local Buffer Overflow (SEH)

Blueberry Express 5.9.0.3678 - Local Buffer Overflow SEH Document Title: =============== Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1535 Video:...

AI score 0.1
Exploits: 0

FreeBSD
added 2015/07/08 12:0 a.m. | 20 views

KeePassX -- information disclosure

Yves-Alexis Perez reports: Starting an export using File / Export to / KeepassX XML file and cancelling it leads to KeepassX saving a cleartext XML file in /.xml without any warning...

CVSS 7.5 | AI score 7.4 | EPSS 0.0119
Exploits: 0 | References: 1

Tenable Nessus
added 2015/07/07 12:0 a.m. | 45 views

SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2015:1181-2) (Logjam)

OpenSSL was updated to fix several security issues. CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. CVE-2015-1788: Malformed ECParameters could cause an...

CVSS 7.5 | AI score 7.1 | EPSS 0.9986
Exploits: 1 | References: 15

Tenable Nessus
added 2015/07/07 12:0 a.m. | 64 views

SUSE SLED11 / SLES10 Security Update : OpenSSL (SUSE-SU-2015:1183-2) (Logjam)

OpenSSL was updated to fix several security issues. CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. CVE-2015-1789: An out-of-bounds read in X509_cmp_time was...

CVSS 7.5 | AI score 7.1 | EPSS 0.9986
Exploits: 1 | References: 13

Tenable Nessus
added 2015/07/07 12:0 a.m. | 37 views

SUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-2) (Logjam)

OpenSSL 0.9.8j was updated to fix several security issues. CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. CVE-2015-1788: Malformed ECParameters could cause a...

CVSS 7.5 | AI score 7.1 | EPSS 0.9986
Exploits: 1 | References: 23

Tenable Nessus
added 2015/07/07 12:0 a.m. | 40 views

SUSE SLED11 / SLES11 Security Update : OpenSSL (SUSE-SU-2015:1182-2) (Logjam)

OpenSSL 0.9.8k was updated to fix several security issues: CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default. CVE-2015-1788: Malformed ECParameters could cause an...

CVSS 7.5 | AI score 7.1 | EPSS 0.9986
Exploits: 1 | References: 25

ThreatPost
added 2015/07/06 2:6 p.m. | 21 views

UK Student's Research a Wassenaar Casualty

U.S.-based security researchers may soon be championing the case of Grant Wilcox, a young U.K. university student whose work is one of the few publicly reported casualties of the Wassenaar Arrangement. Wilcox last week published his university dissertation, presented earlier this spring for an...

AI score 7.3
Exploits: 0 | References: 10

Tenable Nessus
added 2015/07/06 12:0 a.m. | 44 views

SUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-1) (Logjam)

OpenSSL 0.9.8j was updated to fix several security issues. CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default. CVE-2015-1788: Malformed ECParameters could cause a...

CVSS 7.5 | AI score 7.1 | EPSS 0.9986
Exploits: 1 | References: 23

WPVulnDB
added 2015/07/05 12:0 a.m. | 8 views

Image Export <= 1.1.0 - Directory Traversal

The image-export WordPress plugin was affected by a Directory Traversal security vulnerability. PoC $ curl http://www.example.com/wp-content/plugins/image-export/download.php?file=/etc/passwd...

AI score 1.3
Exploits: 0 | References: 2 | Affected Software: 1

wpexploit
added 2015/07/05 12:0 a.m. | 14 views

Image Export <= 1.1.0 - Directory Traversal

The image-export WordPress plugin was affected by a Directory Traversal security vulnerability. $ curl http://www.example.com/wp-content/plugins/image-export/download.php?file=/etc/passwd...

AI score 2.2
Exploits: 0 | References: 2

Mozilla
added 2015/07/02 12:0 a.m. | 83 views

NSS accepts export-length DHE keys with regular DHE cipher suites — Mozilla

Security researcher Matthew Green reported a Diffie–Hellman (DHE) key processing issue in Network Security Services (NSS) where a man-in-the-middle (MITM) attacker can force a server to downgrade TLS connections to 512-bit export-grade cryptography by modifying client requests to include only...

CVSS 4.3 | AI score 5.3 | EPSS 0.9986
Exploits: 1 | References: 4 | Affected Software: 5