Lucene search
K

119 matches found

WPVulnDB
WPVulnDB
added 2015/08/12 12:0 a.m.15 views

WP OAuth Server <= 3.1.4 - Insecure Pseudor&om Number Generation

The WP OAuth Server OAuth Authentication WordPress plugin was affected by an Insecure Pseudor Number Generation security vulnerability...

7.5CVSS2AI score0.02064EPSS
Exploits0References2Affected Software1
ThreatPost
ThreatPost
added 2015/05/29 2:30 p.m.10 views

Poor Crypto Dooms Blockchain Android App

Shoddy crypto is being blamed for the loss of Bitcoin for an unnamed number of Blockchain users. Blockchain, one of the busiest Bitcoin wallets, on Thursday released a security update for its Android app correcting the situation. “In rare circumstances, certain versions of the Android operating...

7.3AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2015/03/19 12:0 a.m.2 views

PT-2015-1685 · Openssl +1 · Openssl +3

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.2 through 1.0.2a excluding 1.0.2a Description: The issue is related to the ssl3 client hello function in OpenSSL, which does not ensure the proper initialization of the pseudorandom number generator PRNG before the...

4.3CVSS5.5AI score0.05745EPSS
Exploits0References23
Tenable Nessus
Tenable Nessus
added 2015/03/18 12:0 a.m.47 views

Cisco NX-OS Multiple ntpd Vulnerabilities

The remote Cisco device is running a version of NX-OS software that is affected by the following vulnerabilities : - Errors exist related to weak cryptographic pseudorandom number generation PRNG, the functions 'ntprandom' and and 'configauth', and the 'ntp-keygen' utility. A man-in-the-middle...

7.5CVSS7.7AI score0.7809EPSS
Exploits4References6
Tenable Nessus
Tenable Nessus
added 2015/03/18 12:0 a.m.97 views

Cisco IOS XR Multiple ntpd Vulnerabilities

The remote Cisco device is running a version of IOS XR software that is affected by the following vulnerabilities : - Errors exist related to weak cryptographic pseudorandom number generation PRNG, the functions 'ntprandom' and and 'configauth', and the 'ntp-keygen' utility. A man-in-the-middle...

7.5CVSS7.7AI score0.7809EPSS
Exploits4References6
securityvulns
securityvulns
added 2014/12/25 12:0 a.m.74 views

Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products Advisory ID: cisco-sa-20141222-ntpd Revision 1.1 Last Updated 2014 December 23 13:37 UTC GMT For Public Release 2014 December 22 16:00 UTC GMT...

7.5CVSS0.4AI score0.7809EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2014/11/03 12:0 a.m.4 views

PT-2014-2335 · Plone · Plone

Name of the Vulnerable Software and Affected Versions: Plone versions prior to 4.2.3 Plone versions 4.3 prior to beta 1 Description: The issue allows remote attackers to obtain random numbers and derive the PRNG state for password resets. This could potentially be used to gain unauthorized access...

6.9CVSS6.6AI score0.0152EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2013/12/06 12:0 a.m.18 views

FreeBSD : drupal -- multiple vulnerabilities (d9649816-5e0d-11e3-8d23-3c970e169bc2)

Drupal Security Team reports : Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. - Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 - Multiple vulnerabilities due to weakness in pseudorandom numb...

5.3AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/11/30 12:0 a.m.36 views

Drupal 6.x < 6.29 Multiple Vulnerabilities

The remote web server is running a version of Drupal that is 6.x prior to 6.29. It is, therefore, potentially affected by multiple vulnerabilities : - An error exists related to the HTML form API and validation callbacks as used by third-party modules that could allow an attacker to bypass the...

6.8CVSS6.2AI score0.03072EPSS
Exploits0References4
Drupal
Drupal
added 2013/11/20 12:0 a.m.687 views

SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities

Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 Drupal's form API has built-in cross-site request forgery CSRF validation, and also allows any...

6.8CVSS7.1AI score0.03072EPSS
Exploits0References28
FreeBSD
FreeBSD
added 2013/11/20 12:0 a.m.15 views

drupal -- multiple vulnerabilities

Drupal Security Team reports: Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 Multiple vulnerabilities due to weakness in pseudorandom number...

0.6AI score
Exploits0References1
0day.today
0day.today
added 2013/09/12 12:0 a.m.21 views

ymlp.com validated-email grabber from online newsletter company

Obtains email addresses from subscribers to mailinglists of clients of ymlp.com. This is 73 lines of proof-of-concept-Java 7 source code 1 file that does 10 http requests to ymlp.com to obtain one email-address. The emailaddress is printed to stdout along with logging information. This is repeate...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.36 views

Scientific Linux Security Update : ruby on SL4.x, SL5.x i386/x86_64 (20120130)

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays hashes in Ruby. An attacker able to supply a large number of inputs to a...

7.8CVSS7.4AI score0.04246EPSS
Exploits3References3
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.31 views

CentOS Update for irb CESA-2012:0070 centos4

Check for the Version of irb OpenVAS Vulnerability Test CentOS Update for irb CESA-2012:0070 centos4 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

7.8CVSS6.4AI score0.04246EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.26 views

CentOS Update for ruby CESA-2012:0070 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.8CVSS8.3AI score0.04246EPSS
Exploits3References2
Ubuntu
Ubuntu
added 2012/02/28 3:33 a.m.63 views

USN-1377-1: Ruby vulnerabilities

Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. CVE-2010-0541 Drew Yao discovered that Ruby's BigDecimal module did not properly allocate memory on 64-bi...

7.8CVSS7.1AI score0.04246EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2012/02/28 12:0 a.m.24 views

Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : ruby1.8 vulnerabilities (USN-1377-1)

Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. CVE-2010-0541 Drew Yao discovered that Ruby's BigDecimal module did not properly allocate memory on 64-bi...

7.8CVSS7AI score0.04246EPSS
Exploits5References8
Cent OS
Cent OS
added 2012/01/30 6:44 p.m.77 views

irb, ruby security update

CentOS Errata and Security Advisory CESA-2012:0070 Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...

7.8CVSS7.1AI score0.04246EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2001/12/04 12:0 a.m.5 views

PT-2001-2103 · Valicert · Valicert Enterprise Validation Authority (Eva) Administration Server

Name of the Vulnerable Software and Affected Versions: ValiCert Enterprise Validation Authority EVA Administration Server versions 3.3 through 4.2.1 Description: The issue arises from the use of insufficiently random data. This affects two main areas: 1 the generation of session tokens for HSMs,...

7.5CVSS6.7AI score0.01594EPSS
Exploits1References8
Rows per page
Query Builder