74 matches found
CVE-2014-2361
Summary (CVE-2014-2361): OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, expose a key management flaw that allows a physically proximate attacker to read the site security key and spoof communication. The issue arises from improper key handling (key managem...
CVE-2014-2362
The CVE-2014-2362 entry concerns OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, which rely on the time64() value from the C library as entropy for the site security key. This cryptographic weakness can allow an unauthenticated or remote attacker to predict the site key and po...
CVE-2014-2362 OleumTech WIO Use of Cryptographically Weak Pseudo-Random Number Generator
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation...
Snort Back Orifice Pre-Preprocessor Remote Exploit
No description provided by source. $Id: snortbopre.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
OleumTech WIO Family Vulnerabilities
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-202-01 OleumTech WIO Family Vulnerabilities that was published July 21, 2014, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- Security researchers Lucas Apa and Carlos Mario Penagos...
[WAF-FLE v0.6.3] Web application firewall: fast log and event console
WAF-FLE is a OpenSource Console for ModSecurity, it allow the modsec admin to view and search events sent by mlogc modsecurity event log handler. Features : Central event console Support Modsecurity in “traditional” and “Anomaly Scoring” Able to receive events sent from mlogc in real time or in...
gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack
Werner Koch reports: CVE-2013-4576 has been assigned to this security bug. The paper describes two attacks. The first attack allows to distinguish keys: An attacker is able to notice which key is currently used for decryption. This is in general not a problem but may be used to reveal the...
Kinect hackers take control of the action !
Christopher Baker spent Boxing Day as a VJ – video jockey – for a warehouse party in Liverpool. Among the items being used was a Microsoft Kinect controller, normally used to play Xbox 360 games such as Kinectimals or Kinect Sports. But Baker wasn't playing games: the system was rigged up to a...
Sguil/PADS SQL Injection / Crash
Sguil/PADS SQL injection and server crash exploit by Ataraxia Benjamin Rose Public announcement made 7/15/09. Please visit http://allmybase.com/ my blog for more up-to-date information, and a quick patch. This exploit has the ability to render any Intrusion Detection System utilizing the sguil...
[SECURITY] Fedora 9 Update: prewikka-0.9.14-2.fc9
Prewikka is a graphical front-end analysis console for the Prelude Hybrid IDS Framework. Providing numerous features, Prewikka facilitates the work of users and analysts. It provides alert aggregation and sensor and hearbeat views, and has user management and configurable filters. It has access t...
IBM Proventia Sensor Appliance - Multiple Input Validation Vulnerabilities
IBM Proventia Sensor Appliance - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/24864/info The IBM Proventia Sensor Appliance is prone to multiple input-validation vulnerabilities, including multiple remote file-include issues and a cross-site scripting issue...
Snort Back Orifice Pre-Preprocessor Buffer Overflow
This module exploits a stack buffer overflow in the Back Orifice pre-processor module included with Snort versions 2.4.0, 2.4.1, 2.4.2, and 2.4.3. This vulnerability could be used to completely compromise a Snort sensor, and would typically gain an attacker full root or administrative privileges...
Intrusion.com SecureNet sensor detection
The remote host appears to be an Intrusion.com SecureNet sensor on this port. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Snort 2.4.0 2.4.3 - Back Orifice Pre-Preprocessor Remote (Metasploit)
Snort 2.4.0 2.4.3 - Back Orifice Pre-Preprocessor Remote Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...