Transcend Firmware 1.8 CSRF / Brute Force
Hello list! All your photos and videos are belong to me. If they are on Transcend flash card :-. There are Predictable Resource Location, Brute Force and Cross-Site Request Forgery vulnerabilities in Transcend Wi-Fi SD Card. ------------------------- Affected products: -------------------------...
CVE-2016-5747
A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies...
CVE-2016-5747
The CVE-2016-5747 entry concerns Novell eDirectory’s NDSD HTTP stack cookie handling, where predictable cookies enable remote bypass of access restrictions prior to version 9.0.1. Multiple sources (NVD, CNVD, OpenVAS) confirm the vulnerability in the cookie-based auth flow, affecting eDirectory b...
glusterfs: glusterfs-server %pretrans rpm script temporary file issue
It was found that the glusterfs-server RPM package would write a file with a predictable name into the world-readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs-server package...
Moderate: Red Hat Security Advisory: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update
An update is now available for Red Hat Gluster Storage 3.2 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Multiple vulnerabilities in YXCMS frontend
YXcms is a website management system based on PHP+MySQL with a lightweight MVC design model. The YXCMS front end has cross-site scripting and cross-site request forgery vulnerabilities. The htmlin function's XSS filtering is not strict: it does not take pseudo-protocols into account, and due to the failure to...
CVE-2016-10180
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding...
PT-2017-7787 · D Link · Dwr-932B
Name of the Vulnerable Software and Affected Versions: D-Link DWR-932B router (affected versions not specified). Description: An issue was discovered where WPS PIN generation is based on srand(time(0)) seeding. Seeding the PRNG with the current time makes the PIN predictable to anyone who can estimate when it was generated, which could be...
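The two DWR-932B entries above only name the root cause (srand(time(0)) seeding). The following added example, which is not D-Link code and not taken from either advisory, shows why that seeding choice is fatal: the PIN body comes from libc's rand(), so an attacker who can estimate when the generator ran (a reboot, a factory reset) just walks the candidate timestamps. gen_wps_pin() is a hypothetical stand-in for the router's routine; the only thing it shares with the real one, as far as this page says, is the seed. The boot timestamp is constructed.

```c
/* Added example (not D-Link firmware): recovering a WPS PIN whose generator
 * was seeded with srand(time(0)). gen_wps_pin() is a hypothetical stand-in;
 * the DWR-932B's actual derivation is not on this page. */
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Standard WPS checksum digit over the first seven PIN digits. */
unsigned int wps_checksum(unsigned int pin7)
{
    unsigned int accum = 0;
    while (pin7) {
        accum += 3 * (pin7 % 10);
        pin7 /= 10;
        accum += pin7 % 10;
        pin7 /= 10;
    }
    return (10 - accum % 10) % 10;
}

/* Hypothetical generator: seed libc's PRNG with a timestamp, take the first
 * output as the 7-digit body, append the checksum. Whoever reproduces the
 * seed reproduces the PIN. */
unsigned int gen_wps_pin(time_t seed)
{
    srand((unsigned int)seed);
    unsigned int pin7 = (unsigned int)rand() % 10000000u;
    return pin7 * 10 + wps_checksum(pin7);
}

/* Attacker side: given the observed PIN and a guess of when the generator
 * ran, walk a +/- window of seconds and return the first seed that
 * reproduces the PIN, or -1 if none in the window does. */
long recover_seed(unsigned int observed_pin, time_t t_guess, int window_secs)
{
    for (long t = (long)t_guess - window_secs; t <= (long)t_guess + window_secs; t++)
        if (gen_wps_pin((time_t)t) == observed_pin)
            return t;
    return -1;
}

int main(void)
{
    time_t boot = 1484000000;            /* constructed: when the router "booted" */
    unsigned int pin = gen_wps_pin(boot);
    /* The attacker's estimate is 40 s off; a one-hour window still covers it,
     * and 7201 candidate seeds is nothing next to the 10^7 PIN space. */
    long seed = recover_seed(pin, boot + 40, 3600);
    printf("pin=%08u recovered seed=%ld (true seed %ld)\n", pin, seed, (long)boot);
    return seed == (long)boot ? 0 : 1;
}
```

The window size is the whole attack: the larger the attacker's uncertainty about the timestamp, the more candidates, but even a day of uncertainty is under 10^5 seeds against a 10^7 PIN space, so the first-match strategy rarely hits a wrong seed. The fix is a seed from a proper entropy source (e.g. /dev/urandom), not a finer clock.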
NTP.org 'ntpd' Predictable Random Number Generator Weakness Brute Force Attack Vulnerability
NTP.org SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ntp:ntp"; if(description) { script_oid("1.3.6.1.4.1.25623.1.0.809780");...
MatrixSSL < 3.8.7 Cryptographic Vulnerability
MatrixSSL is prone to a vulnerability in the modular exponentiation function. Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...
CVE-2015-8542
An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the "id" and "cid" parameter to specify the current user by its user- and context-ID...
GLSA-201612-01 : GnuPG: RNG output is predictable
The remote host is affected by the vulnerability described in GLSA-201612-01 (GnuPG: RNG output is predictable). A long-standing bug since 1998 in Libgcrypt (see GLSA 201610-04 below) and GnuPG allows an attacker to predict the output from the standard RNG. Please review the Entropy Loss and Output...
GnuPG: RNG output is predictable
Background: The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description: A long-standing bug since 1998 in Libgcrypt (see “GLSA 201610-04” below) and GnuPG allows an attacker to predict the output from the standard RNG. Please review the “Entropy Loss...
libgcrypt security update
1.5.3-13.1: fix CVE-2016-6313, predictable PRNG output (bug 1366105). 1.5.3-13: touch only urandom in the selftest and when /dev/random is unavailable (for example by SELinux confinement); fix the RSA selftest key p/q swap...
Local Privilege Escalation
Overview Affected versions of npm use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the npm process has permission t...
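Both the glusterfs-server %pretrans entry and this npm entry are the same bug class: a file created under a name the attacker can guess, in a directory the attacker can write to, opened in a way that follows a pre-planted symlink. The added example below (not glusterfs, RPM or npm code) plays both roles in a scratch directory: the vulnerable open() pattern beside the hardened one with O_EXCL and O_NOFOLLOW. The file names and contents are constructed; mkdtemp() is used only to make the scratch directory safely.

```c
/* Added example (not glusterfs or npm code): a predictable temp-file name in
 * a shared directory lets a local attacker pre-plant a symlink there, so the
 * victim's write lands on the attacker's chosen target. Names and contents
 * below are constructed for the demonstration. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Vulnerable pattern: guessable name, O_CREAT without O_EXCL, so an existing
 * symlink at the path is silently followed and its target truncated. */
int unsafe_write(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Hardened: O_EXCL fails (EEXIST) if anything, symlink included, already
 * sits at the path; O_NOFOLLOW refuses symlinks (ELOOP); mode 0600 keeps
 * other users out. For a real temp file, mkstemp() additionally makes the
 * name itself unpredictable. */
int safe_write(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;              /* errno == EEXIST when a symlink was planted */
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Inside `dir`: the victim owns secret.txt; the attacker plants
 * install-1234.sh -> secret.txt (the guessable temp name); the victim then
 * writes its script. Returns 1 if secret.txt was overwritten, 0 if not,
 * -1 on setup failure. */
int symlink_attack_demo(const char *dir, int hardened)
{
    char target[512], victim[512], buf[64] = {0};
    snprintf(target, sizeof target, "%s/secret.txt", dir);
    snprintf(victim, sizeof victim, "%s/install-1234.sh", dir);

    FILE *f = fopen(target, "w");
    if (!f)
        return -1;
    fputs("original\n", f);
    fclose(f);

    unlink(victim);
    if (symlink(target, victim) != 0)       /* attacker wins the race */
        return -1;

    int rc = hardened ? safe_write(victim, "attacker content\n")
                      : unsafe_write(victim, "attacker content\n");

    f = fopen(target, "r");
    if (f) {
        if (!fgets(buf, sizeof buf, f))
            buf[0] = '\0';
        fclose(f);
    }
    unlink(victim);
    unlink(target);
    return rc == 0 && strcmp(buf, "attacker content\n") == 0;
}

int main(void)
{
    char dir[] = "/tmp/predtmp-XXXXXX";
    if (!mkdtemp(dir))
        return 1;
    printf("unsafe_write overwrote target: %d\n", symlink_attack_demo(dir, 0));
    printf("safe_write overwrote target:   %d\n", symlink_attack_demo(dir, 1));
    rmdir(dir);
    return 0;
}
```

The shell-script flavour of the glusterfs case has the same fix: `mktemp` (unpredictable name, created with O_EXCL) instead of a fixed path under /tmp, and writing only through the descriptor or name it returned.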
IBM WebSphere Application Server 7.0 < 7.0.0.33 Multiple Vulnerabilities
GNU Libgcrypt and GnuPG Predictable Random Number Generation Vulnerability
GNU Libgcrypt is a general-purpose cryptographic library developed by the GNU Project, based on the code of GnuPG (GNU Privacy Guard). A predictable random number generation vulnerability exists in the mixing function in GNU Libgcrypt prior to 1.6.3-2+deb8u2 and GnuPG prior to...