1488 matches found
CVE-2013-0263
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...
CVE-2013-0263 rubygem-rack: Timing attack in cookie sessions
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...
Fedora 18 : corosync-2.3.0-1.fc18 (2013-1001)
This update fixes a potential DoS, because HMAC was used without a key. It also improves stability and addresses several bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...
Potential for Signature Integrity Compromise and HMAC secret recovery in Intel® Integrated Performance Primitives (Intel® IPP) Cryptography Domain
Summary: The cryptography (CP) domain in Intel’s newest version of Intel® Integrated Performance Primitives (Intel® IPP), v7.1.1, has been enhanced to improve its security, and customers are strongly urged to update to this release. Description: Intel IPP v7.1.1 introduces Intel® AVX & Intel® AVX2...
CVE-2012-3527
viewhelp.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature HMAC."...
Design/Logic Flaw
viewhelp.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature HMAC."...
Design/Logic Flaw
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature HMAC for a request argument."...
FreeBSD : typo3 -- Multiple vulnerabilities in TYPO3 Core (48bcb4b2-e708-11e1-a59d-000d601460a4)
Typo Security Team reports: It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, Information Disclosure, Insecure Unserialize leading to Arbitrary Code Execution. TYPO3 Backend Help System - Due to a missing signature HMAC for a parameter in the viewhelp.php file, an...
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.3 i386/x86_64
CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.: XMLDsig HMAC-based signatures spoofing and authentication bypass; CVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524); CVE-2009-2671, CVE-2009-2672 OpenJDK Proxy mechanism information leaks (6801071)...
Scientific Linux Security Update : xmlsec1 on SL4.x, SL5.x i386/x86_64
CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.: XMLDsig HMAC-based signatures spoofing and authentication bypass. A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1. An attacker could use this flaw t...
Permanent Reverse TCP Backdoor for iPhone and iPad
A security expert from Coresec explains the use of a permanent reverse TCP backdoor, "sbd-1.36", for iPhone and iPad, developed by Michel Blomgren. sbd is a Netcat clone, designed to be portable and offer strong encryption. It runs on Unix-like operating systems and on Microsoft Win32. sbd features...
CentOS Update for xmlsec1 CESA-2009:1428 centos4 i386
The remote host is missing an update for the...
CentOS Update for xmlsec1 CESA-2009:1428 centos4 i386
Check for the version of xmlsec1. OpenVAS Vulnerability Test: CentOS Update for xmlsec1 CESA-2009:1428 centos4 i386. Authors: System Generated Check. Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it...
Debian Security Advisory DSA 2239-1 (libmojolicious-perl)
The remote host is missing an update to libmojolicious-perl announced via advisory DSA 2239-1. OpenVAS Vulnerability Test. $Id: deb22391.nasl 6613 2017-07-07 12:08:40Z cfischer $. Description: Auto-generated from advisory DSA 2239-1 libmojolicious-perl. Authors: Thomas Reinke. Copyright (c)...
CVE-2010-4803
Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors...
Design/Logic Flaw
Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors...
CVE-2010-4803
CVE-2010-4803 affects Mojolicious (Perl) prior to version 0.999927, due to improper HMAC-MD5 checksum implementation. Multiple connected advisories confirm this set of Mojolicious vulnerabilities (CVE-2010-4802, CVE-2010-4803, CVE-2011-1841) with remote impact in affected deployments. Debian DSA-...