30th November 2011

Security Advisories

Advisories 2011

Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2 (n/a)

Web applications using jCryption, PEAR Crypt_RSA or Crypt_RSA2 to provide confidentiality are vulnerable to exposure of the data protected by RSA encryption due to insecure padding of the base in the modular exponentiation used for encryption.


Advisories 2008

Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385)

An AJAX-based Blind SQL Injection vulnerability exists in the Web 2.0 CMS framework Urulu 2.1. A remote, anonymous attacker can retrieve arbitrary data from the SQL database. In addition, depending on the database setup, an attacker may upload and execute arbitrary PHP code.


Advisories 2007

Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340, CVE-2008-0580)

LSrunasE 1.0 and Supercrypt 1.0 are utilities used to run commands under a different user account within Windows batch scripts. Passwords are encrypted using strong cryptography. Due to insecure use of the RC4 algorithm, the encryption can be trivially broken.


n/a (CVE-2007-6107)

Issue not public yet. It will be published according to a responsible disclosure policy.


Linux Omnikey CardMan 4040 Driver Buffer Overflow (CVE-2007-0005)

The Linux driver for the Omnikey CardMan 4040 is vulnerable to a locally exploitable kernel level buffer overflow leading to privilege escalation. The issue affects the vendor drivers v1.1.0 through 2.0.0 and the cm4040 driver by Harald Welte included with the Linux kernel 2.6.15 through 2.6.20.1.


Advisories 2001

POP3Lite Output Validation (CVE-2001-0996)

POP3Lite fails to escape dots in messages it transfers to clients. Clients popping their mail from a vulnerable POP3Lite can be sent arbitrary server responses embedded in carefully crafted emails, possibly leading to arbitrary message injection, lost messages, or otherwise annoying client misbehaviour. The issue affects POP3Lite up to 0.2.3b.


ZyXEL Prestige Admin Services on WAN (CVE-1999-0571)

Many ZyXEL ADSL routers such as the P642R have their administrative Telnet and FTP services exposed to the WAN side in the default configuration. Additionally, the traditional ZyXEL default password is in place, which many users fail to change (scan result: approx. 45% of probed Prestiges have the default password in place). This combination leaves a lot of Prestiges vulnerable to remote attacks, resulting in DoS, malicious firmware being installed, configuration changes, possibly retrieval of ISP login credentials, attacks on the internal LAN by bouncing off the router, and perhaps more.


PassWD 2000 Weak Encryption (CVE n/a)

PassWD2000 uses a home-brewed encryption algorithm that is trivial to break, effectively giving an attacker access to all login information stored within PassWD2000 once he gains access to a password file.


Advisories 2000

PassWD 1.2 Weak Encryption (CVE-2000-0492)

PassWD 1.2 uses a home-brewed encryption algorithm that is trivial to break, effectively giving an attacker access to all login information stored within PassWD 1.2 once he gains access to a password file.