VMware vCenter Update Manager Multiple Vulnerabilities (VMSA-2014-0006)
The version of VMware vCenter Update Manager installed on the remote Windows host is 5.5 prior to Update 1b. It is, therefore, affected by the following vulnerabilities related to the bundled version of OpenSSL: - An error exists in the function 'ssl3_read_bytes' that could allow data to be inject...
HP System Management Homepage < 7.2.4.1 / 7.3.3.1 OpenSSL Multiple Vulnerabilities
According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server has an implementation of the OpenSSL library that is affected by the following vulnerabilities: - An error exists in the ssl3_read_bytes function that allows data to be injected...
Mambo Component Material Suche 1.0 - SQL Injection
No description provided by source. Mambo Component Material Suche 1.0 SQL injection Vulnerability Author: Gamoscu Site: www.1923turk.biz Site: http://gamoscu.wordpress.com/ Greetz: Manas58 Baybora Delibey Tiamo Psiko Turco infazci X-TRO Exploit:...
Liquid XML Studio 2010 <= 8.061970 - (LtXmlComHelp8.dll) OpenFile() Remote 0day Overflow Exploit
No description provided by source. [Exploit header banner: http://www.corelan.be:8800] ...
KLA10332 OSI vulnerability in Snare
Weak keying material was found in Snare Agent. By exploiting this vulnerability, malicious users can obtain and modify sensitive information. This vulnerability can be exploited remotely via MITM, at a point related to OpenSSL. Original advisories: Snare Agent changelog. Related products: Snare. CVE...
Blue Coat ProxySG 4.x OpenSSL Security Bypass
The remote Blue Coat ProxySG device's SGOS self-reported version is 4.x and reportedly contains a bundled version of OpenSSL that has multiple flaws. It is, therefore, potentially affected by an unspecified error that could allow an attacker to cause usage of weak keying material, leading to...
WinSCP 5.x < 5.5.4 Multiple Vulnerabilities
The WinSCP program installed on the remote host is version 4.3.8, 4.3.9, 4.4.0 or 5.x prior to 5.5.4. It therefore contains a bundled version of OpenSSL prior to 1.0.1h which is affected by the following vulnerabilities: - An error exists in the 'ssl3_read_bytes' function that permits data to be...
Cisco Adaptive Security Appliances Multiple Vulnerabilities in OpenSSL
The remote Cisco ASA device is running a software version known to be affected by multiple OpenSSL related vulnerabilities: - A buffer overflow error exists related to invalid DTLS fragment handling that could lead to execution of arbitrary code. Note this issue only affects OpenSSL when used as...
Junos Pulse Secure Access IVE / UAC OS Multiple OpenSSL Vulnerabilities (JSA10629)
According to its self-reported version, the version of IVE / UAC OS running on the remote host is affected by multiple vulnerabilities: - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue i...
Cisco TelePresence MCU Series Devices Multiple Vulnerabilities in OpenSSL
The remote Cisco TelePresence MCU device is running a software version known to be affected by multiple OpenSSL related vulnerabilities: - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD...
Cisco Windows Jabber Client Multiple Vulnerabilities in OpenSSL (cisco-sa-20140605-openssl)
The remote Windows host has a version of Cisco Jabber installed that is known to be affected by multiple OpenSSL related vulnerabilities: - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOA...
Cisco TelePresence Supervisor MSE 8050 Multiple Vulnerabilities in OpenSSL
The remote Cisco TelePresence device is running a software version known to be affected by multiple OpenSSL related vulnerabilities: - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224) - ...
AIX OpenSSL Advisory : openssl_advisory9.doc
The version of OpenSSL installed on the remote host is potentially affected by the following remote code execution and denial of service vulnerabilities: - OpenSSL could allow an attacker to cause a buffer overrun situation when an attacker sends invalid DTLS fragments to an OpenSSL DTLS client ...
Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20140605)
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to...
ESXi 5.5 < Build 1881737 OpenSSL Library Multiple Vulnerabilities (remote check)
The remote VMware ESXi host is 5.5 prior to build 1881737. It is, therefore, affected by the following vulnerabilities in the OpenSSL library: - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this...
Important: Red Hat Security Advisory: openssl security update
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, ar...
Important: Red Hat Security Advisory: openssl098e security update
Updated openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...
openssl: SSL/TLS MITM vulnerability
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server...
stunnel < 5.02 OpenSSL Multiple Vulnerabilities
The version of stunnel installed on the remote host is prior to version 5.02. It is, therefore, affected by the following vulnerabilities: - An error exists in the ssl3_read_bytes function that allows data to be injected into other sessions or allows denial of service attacks. Note this issue is...
OpenSSL TLS Man-In-The-Middle Security Bypass (CVE-2014-0224)
A security bypass via ChangeCipherSpec (CCS) Injection vulnerability has been reported in older versions of OpenSSL. The vulnerability is due to a weakness in OpenSSL methods used for keying material. The vulnerability can be exploited through the use of a man-in-the-middle attack, where an attacke...