4196 matches found
OpenSSL 0.9.6 CA Basic Constraints Validation Vulnerability
According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.7. Such versions do not verify the Basic Constraint for some certificates. A remote attacker could perform a man-in-the-middle attack. Details on this weakness are missing. It is related to...
Code injection
etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key...
Samba SWAT 3.0.2 - 3.0.4 HTTP Basic Auth base64 Buffer Overflow
According to its banner, the version of Samba running on the remote host is between 3.0.2 and 3.0.4, inclusive. An error exists in the base64 decoding functions, which can result in a buffer overflow...
SWSE - Most advanced Wi-Fi Hacking and Security Course online
We covered the launch of the SecurityTube Wi-Fi Security Expert in a previous article. As their entire courseware is available online free of charge to evaluate: , I took a look over the weekend and I was very impressed. The instructor...
Pantech Link/P7040P phones SSL certificate chain check vulnerabilities
Intermediate certificate basic constraints are not checked...
SSL Certificate Fails to Adhere to Basic Constraints / Key Usage Extensions
An X.509 certificate sent by the remote host contains one or more violations of the restrictions imposed on it by RFC 5280. This means that either a root or intermediate Certificate Authority signed a certificate incorrectly. Certificates that fail to adhere to the restrictions in their extension...
HTTP Brute Force Logins With Default Credentials
A number of known default credentials are tried for the login via HTTP Basic Auth. As this VT might run into a timeout the actual reporting of this vulnerability takes place in the VT...
StudioLine Photo Basic 3.70.34.0 Insecure Method
Vulnerability ID: HTB23024 Reference: http://www.htbridge.ch/advisory/studiolinephotobasic3activexcontrolinsecuremethod.html Product: StudioLine Photo Basic 3 Vendor: H&M Software http://studioline.biz Vulnerable Version: 3.70.34.0 and probably prior Tested on: 3.70.34.0 Vendor Notification: 15...
StudioLine Photo Basic 3.70.34.0 - NMSDVDXU.dll ActiveX Control Arbitrary File Overwrite
source: https://www.securityfocus.com/bid/49192/info StudioLine Photo Basic ActiveX is prone to an arbitrary-file-overwrite vulnerability. Attackers can overwrite arbitrary files on the victim's computer in t...
StudioLine Photo Basic 3 ActiveX control Insecure Method
Vulnerability ID: HTB23024 Reference: http://www.htbridge.ch/advisory/studiolinephotobasic3activexcontrolinsecuremethod.html Product: StudioLine Photo Basic 3 Vendor: HM Software http://studioline.biz Vulnerable Version: 3.70.34.0 and probably prior Tested on: 3.70.34.0 Vendor Notification: 15 Ju...
StudioLine Photo Basic 3.70.34.0 - 'NMSDVDXU.dll' ActiveX Control Arbitrary File Overwrite
source: https://www.securityfocus.com/bid/49192/info StudioLine Photo Basic ActiveX is prone to an arbitrary-file-overwrite vulnerability. Attackers can overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control typically Internet...
Fedora Update for system-config-firewall FEDORA-2011-9652
Check for the Version of system-config-firewall. OpenVAS Vulnerability Test: Fedora Update for system-config-firewall FEDORA-2011-9652. Authors: System Generated Check. Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net...
CVE-2011-2361
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site...
CVE-2011-2361
Removed by vendor...
CVE-2011-2361
Google Chrome before 13.0.782.107 has a vulnerability in the Basic Authentication dialog where improper handling of strings could allow remote attackers to capture credentials via a crafted web site (CVE-2011-2361). The issue is tied to Chrome’s authentication UI/Basic Auth dialog, with corrobora...
Mevin Basic PHP Events Lister 2.03 Cross Site Request Forgery
Author: CrazyHacker Script: Mevin Basic PHP Events Lister v2.03 Exploit type: CSRF Vulnerability Add & Delete Admin Download: http://www.mevin.com/downloads/Basic-php-events-lister2.03.zip Risk: High Contact: [email protected] \// S3crity just Suck5 \// EOF...
Mevin Basic PHP Events Lister v2.03 CSRF Vulnerabilities
Exploit for php platform in category web applications Author: CrazyHacker Script: Mevin Basic PHP Events Lister v2.03 Exploit type: CSRF Vulnerability Add & Delete Admin Download: http://www.mevin.com/downloads/Basic-php-events-lister2.03.zip Risk: High Contact: email protected \// S3crity just...
Mevin Basic PHP Events Lister 2.03 - Cross-Site Request Forgery
Author: CrazyHacker Script: Mevin Basic PHP Events Lister v2.03 Exploit type: CSRF Vulnerability Add & Delete Admin Download: http://www.mevin.com/downloads/Basic-php-events-lister2.03.zip Risk: High Contact: [email protected] \//...