Eventy CMS v1.8 Plus - Multiple Web Vulnerablities

2012-11-13 Thread Vulnerability Lab
Title: == Eventy CMS v1.8 Plus - Multiple Web Vulnerablities Date: = 2012-11-13 References: === http://www.vulnerability-lab.com/get_content.php?id=756 VL-ID: = 756 Common Vulnerability Scoring System: 8.3 Introduction:

Weak password encryption on Huawei products

2012-11-13 Thread roberto . paleari
Weak password encryption on Huawei products === [ADVISORY INFORMATION] Title: Weak password encryption on Huawei products Release date: 13/11/2012 Credits:Roberto Paleari, Emaze Networks (roberto.pale...@emaze.net) Ivan

[OVSA20121112] OpenVAS Manager Vulnerable To Command Injection

2012-11-13 Thread Tim Brown
Summary It has been identified that OpenVAS Manager is vulnerable to command injection due to insufficient validation of user supplied data when processing OMP requests. It has been identified that this vulnerability may allow arbitrary code to be executed with the privileges of the OpenVAS

Zoner Photo Studio v15 b3 - Buffer Overflow Vulnerabilities

2012-11-13 Thread Vulnerability Lab
Title: == Zoner Photo Studio v15 b3 - Buffer Overflow Vulnerabilities Date: = 2012-11-13 References: === http://www.vulnerability-lab.com/get_content.php?id=759 VL-ID: = 759 Common Vulnerability Scoring System: 4.5 Introduction:

Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection

2012-11-13 Thread Tim Brown
Doh, a document gets proof read by multiple people and yet it contains a mistake. In the Current Status section of the advisory, the date is incorrect. A corrected advisory is attached. Tim -- Tim Brown mailto:timb@openvas,org http://www.openvas.org/ OpenVAS Security Advisory (OVSA20121112)

ESA-2012-055: RSA® Data Protection Manager Multiple Vulnerabilities

2012-11-13 Thread Security Alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ESA-2012-055: RSA® Data Protection Manager Multiple Vulnerabilities EMC Identifier: ESA-2012-055 CVE Identifier: CVE-2012-4612, CVE-2012-4613 Severity Rating: See below for individual scores and refer vendor advisories for component issues

Re: Wisecracker 1.0 - A high performance distributed cryptanalysis framework

2012-11-13 Thread Jann Horn
On Mon, Nov 05, 2012 at 03:56:21PM -0500, Vikas N Kumar wrote: Wisecracker is an open source high performance distributed cryptanalysis framework that leverages GPUs and multiple CPUs. It allows security researchers to write their own cryptanalysis tools that can distribute brute-force

Re: Wisecracker 1.0 - A high performance distributed cryptanalysis framework

2012-11-13 Thread Vikas N Kumar
On Sat, Nov 10, 2012 at 9:45 AM, Jann Horn jannh...@googlemail.com wrote: I don't think this statement on your website makes much sense: A user can download Wisecracker™ on a GPU cluster virtual machine provided by Amazon EC2® and reverse an MD5 cryptographic hash for a 6