CVE-2014-7203

libzmq (ZeroMQ/C++) 4.0.x before 4.0.5 exposes a replay vulnerability (CVE-2014-7203) because nonces are not guaranteed unique, enabling man-in-the-middle replay attacks via unspecified vectors. The issue is fixed in libzmq 4.0.5 (e.g., openSUSE/SUSE updates reference CVE-2014-7203 and CVE-2014-7...

CVE-2014-7203

libzmq aka ZeroMQ/C++ 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors...

EMC Documentum Content Server Multiple Vulnerabilities (ESA-2014-079)

The remote host is running a version of EMC Documentum Content Server that is affected by multiple vulnerabilities : - An error exists in the 'ssl3readbytes' function that permits data to be injected into other sessions or allows denial of service attacks. Note that this issue is exploitable only...

DEBIAN-CVE-2014-5204

wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack...

UBUNTU-CVE-2014-5204

wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack...

WordPress WPtouch Plugin <= 3.x - Insecure Nonce Generation

Because of this vulnerability, a logged­-in attacker can potentially take over the website by uploading a backdoor and then do anything he wants. Solution Update the plugin...

Wordpress WPTouch Authenticated File Upload Exploit

The Wordpress WPTouch plugin contains an auhtenticated file upload vulnerability. A wp-nonce CSRF token is created on the backend index page and the same token is used on handling ajax file uploads through the plugin. By sending the captured nonce with the upload, we can upload arbitrary files to...

McAfee VirusScan Enterprise for Linux Multiple OpenSSL Vulnerabilities (SB10075)

The remote host is running a version of McAfee VirusScan Enterprise for Linux VSEL that is affected by multiple vulnerabilities due to flaws in the included OpenSSL library : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial...

Wordpress WPTouch Authenticated File Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress WPTouch Authenticated File Upload', 'Description' = %q The Wordpress WPTouch plugin contains an auhtenticated file upload...

WordPress WPTouch Authenticated File Upload

The WordPress WPTouch plugin contains an authenticated file upload vulnerability. A wp-nonce CSRF token is created on the backend index page and the same token is used on handling ajax file uploads through the plugin. By sending the captured nonce with the upload, we can upload arbitrary files to...

HP Version Control Repository Manager Multiple Vulnerabilities (HPSBMU03056)

The version of HP Version Control Repository Manager installed on the remote host is prior to 7.3.4, and thus is affected by multiple vulnerabilities in the bundled version of OpenSSL : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or...

Outlook Web Access 2007 CSRF Vulnerability

No description provided by source. Source: http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails Demo: http://www.youtube.com/watch?v=Bx-zfu0uXYg After Nduja Connection worm and the Memova issue, it's now time to shed a light on vulnerabilities affecting corporate webmails. And wh...

WordPress PureHTML plugin <= 1.0.0 - SQL Injection

No description provided by source. Exploit Title: WordPress PureHTML plugin = 1.0.0 SQL Injection Vulnerability Date: 2011-08-31 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/pure-html.1.0.0.zip Version: 1.0.0 tested Note:...

McAfee ePolicy Orchestrator Multiple OpenSSL Vulnerabilities (SB10075)

The remote host is running a version of McAfee ePolicy Orchestrator that is affected by multiple vulnerabilities due to flaws in the OpenSSL library : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial of service attacks. Not...

Cisco ONS 15400 Series Devices Multiple Vulnerabilities in OpenSSL

The remote Cisco ONS device is running a software version known to be affected by multiple OpenSSL related vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could allow nonce disclosure via the 'FLUSH+RELOAD' cache...

openSUSE Security Update : tomcat (openSUSE-SU-2012:1701-1)

fix bnc793394 - bypass of security constraints CVE-2012-3546 - tomcat-CVE-2012-3546.patch http://svn.apache.org/viewvc?view=revision&revision=1377 892 - fix bnc793391 - bypass of CSRF prevention filter CVE-2012-4431 - tomcat-CVE-2012-4431.patch...

Security Advisory-Multiple OpenSSL vulnerabilities on Huawei products

This security advisory SA describes the impact of 7 OpenSSL vulnerabilities discovered in third-party software. The vulnerabilities are referenced in this document as follows: 1.SSL/TLS Man-in-the-Middle Vulnerability CVE-2014-0224. An unauthenticated, remote attacker with the ability to intercep...

WePay: CSRF & Nonce Token Weak Implementation

Hello, this report is a copy of my previous reports sent to your email [email protected] some days ago. Please note that everything written below are copied and pasted from the report. Ticket 437212 : As part of your responsible disclosure program, I am reporting this leakage weak implementation...

IBM Global Security Kit 7 < 7.0.4.50 / 8.0.14.x < 8.0.14.43 / 8.0.50.x < 8.0.50.20 Multiple Vulnerabilities (Linux)

The remote Linux host has a version of IBM Global Security Kit prior to 7.0.4.50 / 8.0.14.43 / 8.0.50.20. It is, therefore, affected by the following vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could allow nonce...

IBM Global Security Kit 7 < 7.0.4.50 / 8.0.14.x < 8.0.14.43 / 8.0.50.x < 8.0.50.20 Multiple Vulnerabilities

The remote Windows host has a version of IBM Global Security Kit prior to 7.0.4.50 / 8.0.14.43 / 8.0.50.20. It is, therefore, affected by the following vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could allow nonce...