Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2

2011-11-30 Thread Daniel Roethlisberger
SWITCH-CERT SECURITY ADVISORY = Vulnerability: Insecure Implementation of RSA Encryption Affected Products: jCryption, PEAR Crypt_RSA, PEAR Crypt_RSA2 Advisory Date: 2011-11-30 Advisory Author: Daniel Roethlisberger, SWITCH-CERT ## Introduction Web

Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385)

2008-02-28 Thread Daniel Roethlisberger
: High # Author: Daniel Roethlisberger # Date: 2008-02-25 # CVE Name: CVE-2008-0385 # # Introduction An AJAX based Blind SQL Injection vulnerability exists in the Web 2.0 CMS framework Urulu [1]. A

Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340)

2008-01-29 Thread Daniel Roethlisberger
# Risk: Medium # Author: Daniel Roethlisberger # Date: 2008-01-29 # CVE Name: CVE-2007-6340 # # Introduction LSrunasE [1] and Supercrypt [2] are utilities used to run commands under a different user

Buffer Overflow in Linux Drivers for Omnikey CardMan 4040 (CVE-2007-0005)

2007-03-09 Thread Daniel Roethlisberger
# Subject: Buffer Overflow # Risk: Medium # Effect: Locally exploitable # Author: Daniel Roethlisberger ([EMAIL PROTECTED]) # Date: 2007-03-07 # CVE Name: CVE-2007-0005 # # Introduction: - The

Re: ZyXEL Prestige Router Remote Node Filtering Vulnerability still present

2002-07-12 Thread Daniel Roethlisberger
m to be missing the required trailing space. Cheers, Dan [1] http://online.securityfocus.com/archive/1/203313 -- Daniel Roethlisberger <[EMAIL PROTECTED]>

PassWD2000 v2.x Weak Encryption Vulnerability

2001-06-05 Thread Daniel Roethlisberger
le format, thus is very ugly code indeed, and probably unportable (compiles with gcc-2.95.2). It should illustrate how to decode a PEF file though. --[ Afterword ]--- If you copy this text or reuse any part of it, please give due credit (and le