119 matches found
WP OAuth Server <= 3.1.4 - Insecure Pseudor&om Number Generation
The WP OAuth Server OAuth Authentication WordPress plugin was affected by an Insecure Pseudor Number Generation security vulnerability...
Poor Crypto Dooms Blockchain Android App
Shoddy crypto is being blamed for the loss of Bitcoin for an unnamed number of Blockchain users. Blockchain, one of the busiest Bitcoin wallets, on Thursday released a security update for its Android app correcting the situation. “In rare circumstances, certain versions of the Android operating...
PT-2015-1685 · Openssl +1 · Openssl +3
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.2 through 1.0.2a excluding 1.0.2a Description: The issue is related to the ssl3 client hello function in OpenSSL, which does not ensure the proper initialization of the pseudorandom number generator PRNG before the...
Cisco NX-OS Multiple ntpd Vulnerabilities
The remote Cisco device is running a version of NX-OS software that is affected by the following vulnerabilities : - Errors exist related to weak cryptographic pseudorandom number generation PRNG, the functions 'ntprandom' and and 'configauth', and the 'ntp-keygen' utility. A man-in-the-middle...
Cisco IOS XR Multiple ntpd Vulnerabilities
The remote Cisco device is running a version of IOS XR software that is affected by the following vulnerabilities : - Errors exist related to weak cryptographic pseudorandom number generation PRNG, the functions 'ntprandom' and and 'configauth', and the 'ntp-keygen' utility. A man-in-the-middle...
Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products Advisory ID: cisco-sa-20141222-ntpd Revision 1.1 Last Updated 2014 December 23 13:37 UTC GMT For Public Release 2014 December 22 16:00 UTC GMT...
PT-2014-2335 · Plone · Plone
Name of the Vulnerable Software and Affected Versions: Plone versions prior to 4.2.3 Plone versions 4.3 prior to beta 1 Description: The issue allows remote attackers to obtain random numbers and derive the PRNG state for password resets. This could potentially be used to gain unauthorized access...
FreeBSD : drupal -- multiple vulnerabilities (d9649816-5e0d-11e3-8d23-3c970e169bc2)
Drupal Security Team reports : Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. - Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 - Multiple vulnerabilities due to weakness in pseudorandom numb...
Drupal 6.x < 6.29 Multiple Vulnerabilities
The remote web server is running a version of Drupal that is 6.x prior to 6.29. It is, therefore, potentially affected by multiple vulnerabilities : - An error exists related to the HTML form API and validation callbacks as used by third-party modules that could allow an attacker to bypass the...
SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 Drupal's form API has built-in cross-site request forgery CSRF validation, and also allows any...
drupal -- multiple vulnerabilities
Drupal Security Team reports: Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 Multiple vulnerabilities due to weakness in pseudorandom number...
ymlp.com validated-email grabber from online newsletter company
Obtains email addresses from subscribers to mailinglists of clients of ymlp.com. This is 73 lines of proof-of-concept-Java 7 source code 1 file that does 10 http requests to ymlp.com to obtain one email-address. The emailaddress is printed to stdout along with logging information. This is repeate...
Scientific Linux Security Update : ruby on SL4.x, SL5.x i386/x86_64 (20120130)
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays hashes in Ruby. An attacker able to supply a large number of inputs to a...
CentOS Update for irb CESA-2012:0070 centos4
Check for the Version of irb OpenVAS Vulnerability Test CentOS Update for irb CESA-2012:0070 centos4 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
CentOS Update for ruby CESA-2012:0070 centos5
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
USN-1377-1: Ruby vulnerabilities
Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. CVE-2010-0541 Drew Yao discovered that Ruby's BigDecimal module did not properly allocate memory on 64-bi...
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : ruby1.8 vulnerabilities (USN-1377-1)
Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. CVE-2010-0541 Drew Yao discovered that Ruby's BigDecimal module did not properly allocate memory on 64-bi...
irb, ruby security update
CentOS Errata and Security Advisory CESA-2012:0070 Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...
PT-2001-2103 · Valicert · Valicert Enterprise Validation Authority (Eva) Administration Server
Name of the Vulnerable Software and Affected Versions: ValiCert Enterprise Validation Authority EVA Administration Server versions 3.3 through 4.2.1 Description: The issue arises from the use of insufficiently random data. This affects two main areas: 1 the generation of session tokens for HSMs,...