888 matches found
Exponent CMS 0.96.5/0.96.6 - 'magpie_debug.php?url' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute...
Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php?icodir' Traversal Arbitrary Directory Listing
source: https://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute...
Exponent CMS 0.96.50.96.6 - iconspopup.php?icodir Traversal Arbitrary Directory Listing
Exponent CMS 0.96.50.96.6 - iconspopup.php?icodir Traversal Arbitrary Directory Listing source: https://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these...
openssl signature forgery
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...
openssl signature forgery
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...
openssl signature forgery
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...
FreeBSD : openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3) (077c2dca-8f9a-11db-ab33-000e0c2e438a)
Problem Description When verifying a PKCS1 v1.5 signature, OpenSSL ignores any bytes which follow the cryptographic hash being signed. In a valid signature there will be no such bytes. Impact OpenSSL will incorrectly report some invalid signatures as valid. When an RSA public exponent of 3 is use...
DEBIAN-CVE-2006-5462
Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...
security flaw
Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...
security flaw
Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...
security flaw
Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...
RSA Signature Forgery (variant) — Mozilla
MFSA 2006-60 reported that RSA digital signatures with a low exponent typically 3 could be forged. This flaw was corrected in the Mozilla Network Security Services NSS library version 3.11.3 used by Firefox 2.0 and current development versions of Mozilla clients...
Mozilla Network Security Service (NSS): RSA signature forgery
Background The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with th...
openssl public key DoS
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service CPU consumption via parasitic public keys with large 1 "public exponent" or 2 "public modulus" values in X.509 certificates that require extra time to process when using RSA...
DEBIAN-CVE-2006-2940
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service CPU consumption via parasitic public keys with large 1 "public exponent" or 2 "public modulus" values in X.509 certificates that require extra time to process when using RSA...
CVE-2006-4963
Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. dot dot sequence in the view parameter in the showview action in the calendarmodule module, as demonstrated by executing PHP code through session files...
CVE-2006-4963
Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. dot dot sequence in the view parameter in the showview action in the calendarmodule module, as demonstrated by executing PHP code through session files...
CVE-2006-4963
Exponent CMS 0.96.3 is vulnerable to a local file inclusion (LFI) via the view parameter in the calendarmodule’s show_view action (index.php). The underlying issue is improper handling of ../ sequences that allows remote attackers to read and execute arbitrary local files, demonstrated by PHP cod...
FreeBSD : opera -- RSA Signature Forgery (1fe734bf-4a06-11db-b48d-00508d6a62df)
Opera reports : A specially crafted digital certificate can bypass Opera's certificate signature verification. Forged certificates can contain any false information the forger chooses, and Opera will still present it as valid. Opera will not present any warning dialogs in this case, and the...
A forged SSL server certificate can be accepted by Opera as a valid certificate – Opera Security Advisories
A forged SSL server certificate can be accepted by Opera as a valid certificate – Opera Security Advisories OPCOM Team | September 21, 2006 Summary: A forged SSL server certificate can be accepted by Opera as a valid certificate. Severity: Highly critical Vulnerable versions: Opera for desktop...