Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2 (CVE n/a)
Web applications that use jCryption, PEAR Crypt_RSA or Crypt_RSA2 for confidentiality are vulnerable to exposure of the RSA-encrypted data, because the base of the modular exponentiation used for encryption is padded insecurely.
- Advisory: R201101
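The entry above does not spell out the padding flaw, so here is an added illustration of the general weakness it belongs to. This is not code from jCryption, PEAR Crypt_RSA or Crypt_RSA2 and does not reproduce their exact padding: it uses a constructed toy key (two fixed primes, far smaller than any real key) and shows two attacks that work against any scheme whose exponentiation base is the bare plaintext or the plaintext under a fixed, guessable pad, plus what a random pad changes. The nonce-plus-length pad at the end is a stand-in for the idea only; real code must use RSA-OAEP from a vetted library.

```python
"""Why the base of an RSA encryption must be padded unpredictably.

Added illustration for this advisory index; not code from jCryption,
PEAR Crypt_RSA or Crypt_RSA2. Toy key and attacks are generic.
"""
import secrets
from typing import Iterable, Optional

# Constructed toy key: the largest primes below 2**64 and 2**56. Far too small
# for real use, but large enough that the arithmetic behaves as in practice.
P = 2**64 - 59
Q = 2**56 - 5
N = P * Q
E = 3                                   # small public exponent, as older libraries permitted
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (needs Python >= 3.8)


def textbook_encrypt(m: int) -> int:
    """c = m^e mod n with the plaintext itself as the base: deterministic, no randomness."""
    assert 0 <= m < N
    return pow(m, E, N)


def textbook_decrypt(c: int) -> int:
    return pow(c, D, N)


def icbrt(x: int) -> int:
    """Smallest r with r**3 >= x, by binary search on integers (no float rounding)."""
    lo, hi = 0, 1 << ((x.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid**3 < x:
            lo = mid + 1
        else:
            hi = mid
    return lo


def low_exponent_attack(c: int) -> Optional[int]:
    """If m**e < n, the reduction mod n never happened, so c is a real cube: take its root."""
    m = icbrt(c)
    return m if m**3 == c else None


def dictionary_attack(c: int, candidates: Iterable[bytes]) -> Optional[bytes]:
    """Deterministic encryption lets an eavesdropper test guesses with the public key alone."""
    for guess in candidates:
        if textbook_encrypt(int.from_bytes(guess, "big")) == c:
            return guess
    return None


# What a random pad changes. Stand-in layout: nonce || length || message.
# Illustration only; production code must use RSA-OAEP from a vetted library.
TOTAL_BYTES = (N.bit_length() - 1) // 8          # keeps the base below n
NONCE_BYTES = 8
MSG_BYTES = TOTAL_BYTES - NONCE_BYTES - 1


def padded_encrypt(msg: bytes) -> int:
    assert len(msg) <= MSG_BYTES
    base = secrets.token_bytes(NONCE_BYTES) + bytes([len(msg)]) + msg.ljust(MSG_BYTES, b"\x00")
    return textbook_encrypt(int.from_bytes(base, "big"))


def padded_decrypt(c: int) -> bytes:
    base = textbook_decrypt(c).to_bytes(TOTAL_BYTES, "big")
    length = base[NONCE_BYTES]
    return base[NONCE_BYTES + 1:NONCE_BYTES + 1 + length]


if __name__ == "__main__":
    pin = b"4711"                                # constructed short secret, e.g. a PIN
    c = textbook_encrypt(int.from_bytes(pin, "big"))
    print("cube root  ->", low_exponent_attack(c).to_bytes(4, "big"))
    print("dictionary ->", dictionary_attack(c, (b"%04d" % i for i in range(10000))))
    c1, c2 = padded_encrypt(pin), padded_encrypt(pin)
    print("padded: ciphertexts differ:", c1 != c2,
          "| cube root:", low_exponent_attack(c1), "| decrypts to:", padded_decrypt(c1))
```

Both attacks need nothing but the public key and a captured ciphertext: the cube root works because a short plaintext raised to e=3 never wraps around n, and the dictionary attack works because the same plaintext always yields the same ciphertext. With a random pad the base is a fresh 112-bit number each time, so neither property holds.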
Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385)
An AJAX-based blind SQL injection vulnerability exists in Urulu 2.1, a Web 2.0 CMS framework. A remote, anonymous attacker can retrieve arbitrary data from the SQL database and, depending on the database setup, may also be able to upload and execute arbitrary PHP code.
- Advisory: R200801 Patch
- Compass Security: CVE-2008-0385
- MITRE CVE: CVE-2008-0385
- NIST NVD: CVE-2008-0385
- Bugtraq: BID 28032
- Secunia: SA 29162
Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340, CVE-2008-0580)
LSrunasE 1.0 and Supercrypt 1.0 are utilities for running commands under a different user account from within Windows batch scripts. The passwords they store are encrypted, nominally with strong cryptography, but because the RC4 algorithm is used insecurely the encryption can be trivially broken.
- Advisory: R200703
- Compass Security: CVE-2007-6340
- MITRE CVE: CVE-2007-6340 CVE-2008-0580
- Bugtraq: BID 27500
- NIST NVD: CVE-2007-6340 CVE-2008-0580
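The entry above does not say which misuse of RC4 the two tools commit, so the following added example (not code from LSrunasE or Supercrypt) shows the most common one for a credential tool of this kind: a single fixed key built into the program, which with a stream cipher means a single fixed keystream for every stored password. The tool key, the stored blobs and the passwords are all constructed for the example.

```python
"""Stream-cipher key reuse: why "encrypted with RC4" can still be trivially broken.

Added illustration for this advisory index, not code from LSrunasE or
Supercrypt. Shows a fixed-key RC4 password store and the known-plaintext
recovery it permits.
"""


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA). RC4 takes no nonce: same key means the same keystream, always."""
    S = list(range(256))
    j = 0
    for i in range(256):                                  # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                               # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR with the keystream."""
    return xor(data, rc4_keystream(key, len(data)))


# Constructed stand-in for a key baked into a tool's binary. Everyone with a
# copy of the tool has it, but the attack below does not even need to know it.
TOOL_KEY = b"example-fixed-key"


def tool_encrypt_password(password: bytes) -> bytes:
    """What such a tool would write to its password file for one account."""
    return rc4(TOOL_KEY, password)


def recover_keystream(known_password: bytes, its_ciphertext: bytes) -> bytes:
    """Known plaintext: c = p XOR ks, hence ks = c XOR p for every byte we know."""
    return xor(its_ciphertext, known_password)


def recover_password(victim_ciphertext: bytes, keystream: bytes) -> bytes:
    """Same key, same keystream: the victim's password falls out byte for byte,
    up to the number of keystream bytes recovered."""
    return xor(victim_ciphertext, keystream)


if __name__ == "__main__":
    # The attacker runs their own copy of the tool on a long password they chose.
    mine = b"a" * 32
    ks = recover_keystream(mine, tool_encrypt_password(mine))
    # Any other stored password up to that length is now readable without the key.
    victim_blob = tool_encrypt_password(b"Adm1n-P@ss!")
    print(recover_password(victim_blob, ks))            # b'Adm1n-P@ss!'
```

The lesson generalises beyond RC4: any reversible encryption whose key is available to the script that needs the password is available to whoever can read that script or binary. Credentials for unattended jobs belong in the operating system's credential store or in a service account, not in a file the batch script can decrypt.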
Issue not public yet. It will be published according to a responsible disclosure policy.
Linux Omnikey CardMan 4040 Driver Buffer Overflow (CVE-2007-0005)
The Linux driver for the Omnikey CardMan 4040 smart card reader is vulnerable to a locally exploitable kernel-level buffer overflow leading to privilege escalation. The issue affects the vendor drivers v1.1.0 through 2.0.0 and the cm4040 driver by Harald Welte included with the Linux kernel 2.6.15 through 2.6.20.1 (fixed in 2.6.20.2).
- Advisory: R200701 PoC
- Compass Security: linux-kernel-cm4040-bof
- MITRE CVE: CVE-2007-0005
- Bugtraq: BID 22870
- OSVDB: ID 33023
- NIST NVD: CVE-2007-0005
- FrSIRT: FrSIRT/ADV-2007-0872 CVE-2007-0005
- CIAC: R-180
- Secunia: SA 24436
- ISS X-Force: 32880
- SecuriTeam: 5CP0D0AKUA
- SANS: CVE-2007-0005
POP3Lite Output Validation (CVE-2001-0996)
POP3Lite fails to byte-stuff lines beginning with a dot in messages it transfers to clients, so a message body line consisting of a single dot terminates the RETR response early. Clients popping their mail from a vulnerable POP3Lite can thus be sent arbitrary server responses embedded in carefully crafted emails, possibly leading to arbitrary message injection, lost messages, or other annoying client misbehaviour. The issue affects POP3Lite up to 0.2.3b.
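The mechanism behind the entry above, as an added example that is not POP3Lite's code: RFC 1939 ends every multi-line response with a line holding only ".", so a server must send body lines that start with "." with one extra dot and the client strips it again. The hostile message and the minimal client below are constructed for the illustration; the "unstuffed" function models the class of bug described, not POP3Lite's actual source.

```python
"""POP3 dot-stuffing (RFC 1939) and what a client sees when a server skips it.

Added illustration for the POP3Lite entry; message and client are constructed.
"""
from typing import List, Tuple

CRLF = b"\r\n"


def pop3_stuff(message: bytes) -> bytes:
    """Correct server behaviour: prefix dot-lines with another dot, then terminate."""
    lines = message.split(CRLF)
    stuffed = [b"." + line if line.startswith(b".") else line for line in lines]
    return CRLF.join(stuffed) + CRLF + b"." + CRLF


def pop3_unstuffed(message: bytes) -> bytes:
    """Flawed server behaviour (the bug class described above): body sent verbatim."""
    return message + CRLF + b"." + CRLF


def client_read_retr(wire: bytes) -> Tuple[bytes, bytes]:
    """Minimal RFC-conformant client side of RETR: collect lines up to the lone '.',
    dropping one leading dot from stuffed lines. Returns (message, unread bytes);
    the unread bytes are what the client will take as the reply to its NEXT command."""
    body: List[bytes] = []
    rest = wire
    while True:
        line, sep, rest = rest.partition(CRLF)
        if not sep:
            raise ValueError("response not terminated")
        if line == b".":
            return CRLF.join(body), rest
        body.append(line[1:] if line.startswith(b".") else line)


# Constructed hostile message: a lone "." in the body, followed by text shaped
# like the server replies the client is likely to expect next.
CRAFTED = (
    b"From: attacker@example.invalid" + CRLF
    + b"Subject: hello" + CRLF + CRLF
    + b"harmless-looking text" + CRLF
    + b"." + CRLF                               # ends the RETR early on an unstuffing server
    + b"+OK 0 octets" + CRLF + b"." + CRLF      # taken as the reply to the next RETR: an empty, lost message
    + b"+OK message deleted" + CRLF             # taken as the reply to a following DELE
)


if __name__ == "__main__":
    body, leftover = client_read_retr(pop3_unstuffed(CRAFTED))
    print("vulnerable server: message truncated after", body.splitlines()[-1])
    print("                   injected replies:", leftover)
    body, leftover = client_read_retr(pop3_stuff(CRAFTED))
    print("stuffing server  : intact =", body == CRAFTED, "| leftover =", leftover)
```

Against the unstuffing server the client stops reading at the attacker's dot, and the rest of the mail sits in the socket buffer to be consumed as the answers to the client's next commands; with proper stuffing the same bytes come back as an ordinary message body.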
ZyXEL Prestige Admin Services on WAN (CVE-1999-0571)
Many ZyXEL ADSL routers, such as the Prestige P642R, expose their administrative Telnet and FTP services on the WAN side in the default configuration. In addition, the traditional ZyXEL default password is in place and many users fail to change it (a scan found approximately 45% of the probed Prestiges still using the default password). This combination leaves a lot of Prestiges open to remote attack: denial of service, installation of malicious firmware, configuration changes, possibly retrieval of ISP login credentials, attacks on the internal LAN by bouncing off the router, and perhaps more.
PassWD 2000 Weak Encryption (CVE n/a)
PassWD2000 uses a home-brewed encryption algorithm that is trivial to break, effectively giving an attacker access to all login information stored within PassWD2000 once they gain access to a password file.
PassWD 1.2 Weak Encryption (CVE-2000-0492)
PassWD 1.2 uses a home-brewed encryption algorithm that is trivial to break, effectively giving an attacker access to all login information stored within PassWD 1.2 once they gain access to a password file.