RootedCON 2015 Call For Papers – RootedCON is a security congress that will take place from March 7th to the 9th, 2015 in Madrid (Spain).
Monthly Archives: October 2014
This POODLE Bites: Exploiting The SSL 3.0 Fallback
This security advisory discusses how attackers can exploit the downgrade dance and break the cryptographic security of SSL 3.0.
PayPal Inc PDF Mailer Buffer Overflow
PayPal Inc PDF Mailer suffered from a buffer overflow vulnerability.
SEO Control Panel 3.6.0 SQL Injection
SEO Control Panel version 3.0 suffers from a remote authenticated SQL injection vulnerability.
CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the “POODLE” issue.
PayPal Inc iOS Mobile 4.6.0 Input Validation
PayPal Inc iOS Mobile version 4.6.0 suffers from an input validation vulnerability.
Tenda A32 Cross Site Request Forgery
The Tenda A32 router suffers from a cross site request forgery vulnerability.
New POODLE SSL 3.0 Attack Exploits Protocol Fallback Issue
A new attack on the SSLv3 protocol, disclosed Tuesday, takes advantage of an issue with the protocol that enables a network attacker to recover the plaintext communications of a victim. The attack is considered easier to exploit than similar previous attacks against SSL/TLS, such as BEAST and CRIME, and can enable an attacker to retrieve a supposedly secure cookie […]
CVE-2014-1829
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. (CVSS:5.0) (Last Update:2014-10-22)
CVE-2014-1830
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. (CVSS:5.0) (Last Update:2014-10-22)