189 matches found
afp-brute NSE Script
Performs password guessing against Apple Filing Protocol AFP. Script Arguments afp.password, afp.username See the documentation for the afp library. passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. Example Usage nmap -p 548 --scrip...
deprecate MD2 in SSL cert validation (Kaminsky)
The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...
VulnCheck KEV: CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier,...
Fedora 9 : openssl-0.9.8g-9.fc9 (2008-4723)
Fixes moderate impact security issue CVE-2008-0891 and low impact security issue CVE-2008-1672. See also http://www.openssl.org/news/secadv/20080528.txt All applications and system services which utilize OpenSSL library must be restarted for the updates to take effect. Note that Tenable Network...
MDKA-2006:047 : jabber
The OpenSSL library was not properly initialized in the jabber SSL support code, which prevented SSL support for incoming client connections on the jabber server. This update corrects this issue. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not...
Digipass Go3 Token Dumper (at least for 2006)
The initial reverse engineering of Vasco’s Digipass Go3 algorithm follows in C++. I think this implementation is a "rough" approximation, if we take some limitations about 2006 and the calculations made into account. Or I'm just joking… : This generator was able to predict an "otp" collision,...
Important: Red Hat Security Advisory: php security update
Updated php packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A double-free bug was found in the deserialization code of PHP. PHP applications use the unserialize...
RHEL 2.1 : php (RHSA-2005:031)
Updated php packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A double-free bug was found in the deserialization code of PHP. PHP applications use the unserialize...
CVE-2002-0659
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings...