CVE-2007-5770

The 1 Net::ftptls, 2 Net::telnets, 3 Net::imap, 4 Net::pop, and 5 Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName CN field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication. The 1 Net::ftptls, 2 Net::telnets, 3 Net::imap, 4 Net::pop, and 5 Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName CN field in a server certificate matches the domain name in a reque...

net:: * modules

The 1 Net::ftptls, 2 Net::telnets, 3 Net::imap, 4 Net::pop, and 5 Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName CN field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...

Update Protections against Recent Malware Threats (7-Nov-07)

Malware is a software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of forms of hostile, intrusive, or annoying programs like Viruses, worms, Adware, Trojans, and spyware that exploit unprotected clients, using network...

Ruby Net::HTTPS library does not validate server certificate CN

The 1 Net::ftptls, 2 Net::telnets, 3 Net::imap, 4 Net::pop, and 5 Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName CN field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...

CVE-2007-5162

CVE-2007-5162 affects Ruby 1.8.5/1.8.6: Net::HTTP and Net::HTTPS do not verify the server certificate CN against the requested domain, enabling MITM or spoofed sites. The connected MiracleLinux advisory ( AXSA-2007-63:01 ) reiterates the flaw across multiple Net modules (including Net::HTTP/Net::...

Ruby Net::HTTPS library does not validate server certificate CN

The connect method in lib/net/http.rb in the 1 Net::HTTP and 2 Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName CN field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

AK922: break the disk to a lower detection implementation file is hidden-a vulnerability warning-the black bar safety net

AK922: break the disk to a lower detection implementation file hidden Author: Azy email: [email protected] Completed on: 2007-08-08 Currently, some of the published mainstream anti-rootkit detects hidden files, there are two main methods: the first one is a file system layer of detection, which...

CVE-2007-4616

The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept...

CVE-2007-4616

The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept...

Without the lsass process to decrypt the system administrator password-vulnerability warning-the black bar safety net

【Original copyright, the Sadie Starter, cooperation website for reprint please indicate the source“newsdesk”and Article author! Decline of non-cooperation website reprint, the offender, the newsdesk will retain pursue its legal responsibility rights!】 Lsass. exe is a Windows system is an essentia...

Crack X-file lock-bug warning-the black bar safety net

Listen to a friend description great all day following this company has the safety zoom, Phantom of the background, technical strength is good, so go to their forums saunter a turn, found a X-file lock, looks like a good look, try the next, uh, really good, 1 min less than it is I crack up...... ...

security flaw

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME 1 during the load stage or 2 in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

security flaw

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME 1 during the load stage or 2 in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

Authorization

The Avaya 4602SW IP Phone Model 4602D02A with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications...

CVE-2007-2480

The udplibgetport function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other application...

iDefense Security Advisory 04.30.07: Cerulean Studios Trillian Multiple IRC Vulnerabilities

Cerulean Studios Trillian Multiple IRC Vulnerabilities iDefense Security Advisory 04.30.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 30, 2007 I. BACKGROUND Cerulean Studios Trillian is a multi-protocol chat application that supports IRC, ICQ, AIM and MSN protocols. More informati...

CVE-2007-1692

CVE-2007-1692 concerns WPAD abuse via name registrations in Windows WINS/DNS. The default Windows config may allow remote attackers to intercept user web traffic by registering a proxy using WINS/DNS and answering WPAD requests (as shown with Internet Explorer). Related entries (CVE-2009-0093/009...

CVE-2007-1692

The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol WPAD without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet...

Breakthrough Proactive Defense registry monitoring review(updated)-vulnerability warning-the black bar safety net

Currently active Defense concept has been firmly established, many antivirus, software, fire protection, and HIPS are having a registry monitoring function, to prevent from startup items and IE-related key value is modified, to guard against viruses Trojans and malware and other malicious program...