Searching s key software vulnerabilities


A system-critical Windows NT registry key has inappropriate permissions.


A system-critical Windows NT registry key has an inappropriate value.


An application-critical Windows NT registry key has inappropriate permissions.


An application-critical Windows NT registry key has an inappropriate value.


The "AEDebug" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash.


The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate.


Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker with physical access to the system and Combine_Key_Parts permissions to steal DES and 3DES keys by using a brute force attack to create a 3DES exporter key.


Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges.


Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through 1.5.18.0 stores the 128-bit WEP (Wired Equivalent Privacy) key in plaintext in a registry key with weak permissions, which allows local users to decrypt network traffic by reading the WEP key from the registry key.


VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys.


GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.


SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring.


Spider Sales shopping cart stores the private key in the same database and table as the public key, which allows local users with access to the database to decrypt data.


NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack.


GameSpy SDK CD-Key Validation Toolkit, as used by many online games, allows remote attackers to bypass the CD key validation by sending a spoofed \disc\ command, which tells the server the CD key is no longer in use.


Gamespy cd-key validation system allows remote attackers to cause a denial of service (cd-key already in use) by capturing and replaying a cd-key authorization session.


The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message.


WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation.


The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 and 2.6.17-rc1, and possibly earlier versions, allows local users to cause a denial of service (OOPS) via keyctl requests that add a key to a user key instead of a keyring key, which causes an invalid dereference in the __keyring_search_one function.


The Enova X-Wall ASIC encrypts with a key obtained via Microwire from a serial EEPROM that stores the key in cleartext, which allows local users with physical access to obtain the key by reading and duplicating an EEPROM that is located on a hardware token, or by sniffing the Microwire bus.


Software vulnerabilities results 1 to 20 of 276     