Vulnerability in OpenSSL - DTLS Plaintext Recovery Attack
OpenSSL was susceptible to an extension of the Vaudenay padding oracle attack on CBC mode encryption, which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS by exploiting timing differences arising during decryption processing. Found by Nadhem Alfardan and Ken...
OpenSSL < 0.9.7k / 0.9.8c PKCS Padding RSA Signature Forgery Vulnerability
According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.7k or 0.9.8c. These versions do not properly verify PKCS 1 v1.5 signatures and X509 certificates when the RSA exponent is 3. C Tenable Network Security, Inc. include"compat.inc"; if description...
kernel: sctp: fix to calc the INIT/INIT-ACK chunk length correctly to set
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet...
PT-2012-1529 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.34. Description: The issue is related to the calculation of chunk lengths for INIT and INIT ACK chunks in the Linux kernel. When addip_enable and auth_enable are used, the amount of zero padding is not...
sip-enum-users NSE Script
Enumerates a SIP server's valid extensions (users). The script works by sending REGISTER SIP requests to the server with the specified extension and checking the response status code in order to know if an extension is valid. If a response status code is 401 or 407, it means that the extension ...
SuSE 11.1 Security Update : Mono (SAT Patch Number 4260)
The following security bugs have been fixed : - Mono was vulnerable to a padding oracle attack. CVE-2010-3332 - Mono loaded shared libraries from the current directory. CVE-2010-4159 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
HT Editor File openning Stack Overflow (0day)
Exploit for linux platform in category local exploits Exploit Title: HT Editor File openning Stack Overflow 0day Date: March 30th 2011 Author: ZadYree Software Link: http://hte.sourceforge.net/downloads.html Version: Thanks =cut use 5.010; my $esp, $retaddr; my $scz =...
HT Editor 2.0.18 Stack Overflow
Exploit Title: HT Editor File openning Stack Overflow 0day Date: March 30th 2011 Author: ZadYree Software Link: http://hte.sourceforge.net/downloads.html Version: Thanks =cut use strict; use warnings; use constant SHELLCODE = "\xeb\x11\x5e\x31\xc9\xb1\x21\x80\x6c\x0e"...
HT Editor 2.0.18 - File Opening Stack Overflow
HT Editor 2.0.18 - File Opening Stack Overflow Exploit Title: HT Editor File openning Stack Overflow 0day Date: March 30th 2011 Author: ZadYree Software Link: http://hte.sourceforge.net/downloads.html Version: Thanks =cut use 5.010; my $esp, $retaddr; my $scz =...
HT Editor 2.0.18 - File Opening Stack Overflow
Exploit Title: HT Editor File openning Stack Overflow 0day Date: March 30th 2011 Author: ZadYree Software Link: http://hte.sourceforge.net/downloads.html Version: Thanks =cut use 5.010; my $esp, $retaddr; my $scz = "\xeb\x11\x5e\x31\xc9\xb1\x21\x80\x6c\x0e"...
ASP.NET Hack
There were a lot of excellent talks at conferences this year, but perhaps the most interesting and far-reaching presentation was one given by researchers Thai Duong and Juliano Rizzo at Ekoparty on a crypto attack against ASP.NET applications. The “padding oracle” attack that the pair implemented...
Quick-Player
Quick Player is prone to a buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. This version affects Quick Player 2.3.x import sys...
CGI Generic Padding Oracle
By manipulating the padding on an encrypted string, Nessus was able to generate an error message that indicates a likely 'padding oracle' vulnerability. Such a vulnerability can affect any application or framework that uses encryption improperly, such as some versions of ASP.net, Java Server Face...
CVE-2010-4007
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...
CVE-2010-2057
shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...
Sql injection
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057...
Authentication flaw
shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracl...