appleupdate-exec.txt

--------------------------------------------------------------------- Apple Mac OS X Software Update Remote Command Execution Vulnerability Copyright c 2007 Moritz Jodeit 2007/12/17 --------------------------------------------------------------------- I. Vulnerability Description The OS X Softwar...

An IE browser vulnerability security testing and analysis-vulnerability warning-the black bar safety net

Today saw on the Internet A IE little vulnerability. Do the following simple analysis The use method is as follows Program code: img src="sysimage://C:\WINNT\Notepad.exe,7 7 7" onError="document. write’bFile Exists!& lt;/b’;" Just start very strange this sysimage://is a Protocol,so in IE into:...

Meridian Prolog Manager uses weak authentication to store and transmit user credentials

Overview Meridian Systems Prolog Manager does not use strong encryption and returns a list of all user credentials when authenticating clients. These behaviors could allow an attacker to obtain user credentials and decrypt passwords. Description Meridian Systems Prolog Manager is a set of...

With SockOnline software easily break the port restriction-vulnerability warning-the black bar safety net

Fiis divided into the Sock, HTTP, FTP, and other types, respectively suitable for different applications. However, sometimes the network is only open 8 0 port for HTTP web browsing. Faced with this situation, we must do nothing? Of course not, in SockOnline this special agent software help, we ca...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication. The 1 Net::ftptls, 2 Net::telnets, 3 Net::imap, 4 Net::pop, and 5 Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName CN field in a server certificate matches the domain name in a reque...

CVE-2007-5770

The 1 Net::ftptls, 2 Net::telnets, 3 Net::imap, 4 Net::pop, and 5 Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName CN field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...

net:: * modules

The 1 Net::ftptls, 2 Net::telnets, 3 Net::imap, 4 Net::pop, and 5 Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName CN field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...

Update Protections against Recent Malware Threats (7-Nov-07)

Malware is a software designed to infiltrate or damage a computer system without the owner's informed consent. It is a general name for a variety of forms of hostile, intrusive, or annoying programs like Viruses, worms, Adware, Trojans, and spyware that exploit unprotected clients, using network...

Ruby Net::HTTPS library does not validate server certificate CN

The 1 Net::ftptls, 2 Net::telnets, 3 Net::imap, 4 Net::pop, and 5 Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName CN field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...

CVE-2007-5162

CVE-2007-5162 affects Ruby 1.8.5/1.8.6: Net::HTTP and Net::HTTPS do not verify the server certificate CN against the requested domain, enabling MITM or spoofed sites. The connected MiracleLinux advisory ( AXSA-2007-63:01 ) reiterates the flaw across multiple Net modules (including Net::HTTP/Net::...

Ruby Net::HTTPS library does not validate server certificate CN

The connect method in lib/net/http.rb in the 1 Net::HTTP and 2 Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName CN field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

AK922: break the disk to a lower detection implementation file is hidden-a vulnerability warning-the black bar safety net

AK922: break the disk to a lower detection implementation file hidden Author: Azy email: [email protected] Completed on: 2007-08-08 Currently, some of the published mainstream anti-rootkit detects hidden files, there are two main methods: the first one is a file system layer of detection, which...

CVE-2007-4616

The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept...

CVE-2007-4616

The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept...

Without the lsass process to decrypt the system administrator password-vulnerability warning-the black bar safety net

【Original copyright, the Sadie Starter, cooperation website for reprint please indicate the source“newsdesk”and Article author! Decline of non-cooperation website reprint, the offender, the newsdesk will retain pursue its legal responsibility rights!】 Lsass. exe is a Windows system is an essentia...

Crack X-file lock-bug warning-the black bar safety net

Listen to a friend description great all day following this company has the safety zoom, Phantom of the background, technical strength is good, so go to their forums saunter a turn, found a X-file lock, looks like a good look, try the next, uh, really good, 1 min less than it is I crack up...... ...

security flaw

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME 1 during the load stage or 2 in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

security flaw

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME 1 during the load stage or 2 in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

Authorization

The Avaya 4602SW IP Phone Model 4602D02A with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications...

CVE-2007-2480

The udplibgetport function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other application...