365 matches found
DEBIAN-CVE-2015-1421
Use-after-free vulnerability in the sctpassocupdate function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service slab corruption and panic or possibly have unspecified other impact by triggering an INIT collision that leads to improper...
Design/Logic Flaw
Use-after-free vulnerability in the sctpassocupdate function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service slab corruption and panic or possibly have unspecified other impact by triggering an INIT collision that leads to improper...
CVE-2015-1421
Use-after-free vulnerability in the sctpassocupdate function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service slab corruption and panic or possibly have unspecified other impact by triggering an INIT collision that leads to improper...
CVE-2015-1421
Use-after-free vulnerability in the sctpassocupdate function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service slab corruption and panic or possibly have unspecified other impact by triggering an INIT collision that leads to improper...
CVE-2015-1421
Use-after-free vulnerability in the sctpassocupdate function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service slab corruption and panic or possibly have unspecified other impact by triggering an INIT collision that leads to improper...
Linux Gather NetworkManager 802-11-Wireless-Security Credentials
This module collects 802-11-Wireless-Security credentials such as Access-Point name and Pre-Shared-Key from Linux NetworkManager connection configuration files. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Juniper Netscreen 5.0 VPN Username Enumeration Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14595/info The Juniper Netscreen VPN implementation will identify valid usernames in IKE aggressive mode, when pre-shared key authentication is used. This allows for attackers to obtain a list of valid VPN users. With a...
CVE-2013-5037
The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages...
CVE-2013-5037
The CVE-2013-5037 entry concerns the HOTBOX router (SAGEMCOM HOTBOX F@st 3184) running software version 2.1.11, where a default WPS PIN of 12345670 enables easier access to the WPA/WPA2 PSK via EAP messages. The connected sources corroborate the affected device and version and describe the underl...
CVE-2013-5037
The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages...
Internet Key Exchange (IKE) Aggressive Mode with Pre-Shared Key
The remote Internet Key Exchange IKE version 1 service seems to support Aggressive Mode with Pre-Shared key PSK authentication. Such a configuration could allow an attacker to capture and crack the PSK of a VPN gateway and gain unauthorized access to private networks. C Tenable Network Security,...
initscripts: IPSec ifup script allows for aggressive IKE mode
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key PSK hash...
RSA Authentication Client information leal
SENSITIVE and NON-EXTRACTABLE flags are ignored for shared kay, making it possible to extract it...
Design/Logic Flaw
The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key...
CVE-2008-4616
The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key...
Authentication flaw
The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key PSK authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames...
CVE-2007-4422
The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key PSK authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames...
Intel® PROSet/Wireless Software Local Information Disclosure
Intel® PROSet/Wireless Software Local Information Disclosure Summary: A security vulnerability exists in the Intel® PROSet/Wireless Software PROSet application because of insecure usage of shared memory allowing a person having access to the user's computer or malicious software installed on the...
CVE-2005-4697
The Microsoft Wireless Zero Configuration system WZCS allows local users to access WEP keys and pair-wise Master Keys PMK of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll...
CVE-2005-4696
The Microsoft Wireless Zero Configuration system WZCS stores WEP keys and pair-wise Master Keys PMK of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network...