8542 matches found
CVE-2005-1794
Microsoft Terminal Server using Remote Desktop Protocol RDP 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks...
CVE-2005-1794
Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, enabling remote attackers to spoof server public keys and perform MITM. The root cause is improper verification during key exchange, allowing an attacker ...
CVE-2005-1794
Microsoft Terminal Server using Remote Desktop Protocol RDP 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks...
Remote Desktop Protocol Server Man-in-the-Middle Weakness
The remote version of the Remote Desktop Protocol Server Terminal Service is vulnerable to a man-in-the-middle MiTM attack. The RDP client makes no effort to validate the identity of the server when setting up encryption. An attacker with the ability to intercept traffic from the RDP server can...
GLSA-200505-04 : GnuTLS: Denial of Service vulnerability
The remote host is affected by the vulnerability described in GLSA-200505-04 GnuTLS: Denial of Service vulnerability A vulnerability has been discovered in the record packet parsing in the GnuTLS library. Additionally, a flaw was also found in the RSA key export functionality. Impact : A remote...
RSA Authentication Agent for Web for IIS vulnerable to heap overflow via overly large "chunk"
Overview RSA Authentication Agent for Web for IIS contains a heap overflow in the handling of chunked input. This could allow a remote, unauthenticated attacker to execute arbitrary code on the server. Description RSA Authentication Agent software provides access control for networks, web...
CVE-2004-1855
CVE-2004-1855 affects Dark Age of Camelot prior to 1.68 live patch. The RSA public key is not signed, enabling potential MITM by remote malicious servers to access sensitive information. No explicit fix or patch details are provided in the supplied documents.
CVE-2004-1855
Dark Age of Camelot before 1.68 live patch does not sign the RSA public key, which could allow remote malicious servers to gain sensitive information via a man-in-the-middle attack...
GnuTLS: Denial of Service vulnerability
Background GnuTLS is a free TLS 1.0 and SSL 3.0 implementation for the GNU project. Description A vulnerability has been discovered in the record packet parsing in the GnuTLS library. Additionally, a flaw was also found in the RSA key export functionality. Impact A remote attacker could exploit...
RSA Security RSA Authentication Agent For Web For IIS XSS
The remote host appears to be running RSA Authentication Agent for Web for IIS. The remote version of this application fails to adequately sanitize input to the 'postdata' variable of IISWebAgentIF.dll. A remote attacker could exploit this by tricking a user into requesting a maliciously crafted...
CVE-2005-1471
Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data...
CVE-2005-1471
The CVE-2005-1471 issue is a heap overflow in RSA Authentication Agent for Web for IIS (RSA SecurID Web Agent) when processing chunked transfer-encoding data. This vulnerability could allow a remote attacker to execute arbitrary code on the server, typically with LocalSystem privileges on the IIS...
CVE-2005-1471
Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data...
[Full-disclosure] [SEC-1 LTD] RSA SecurID Web Agent Heap Overflow
SEC-1 LTD. www.sec-1.com Security Advisory Advisory Name: RSA SecurID Web Agent Heap Overflow Release Date: 06-05-2005 Application: RSA SecurID Web Agent 5 RSA SecurID Web Agent 5.2 RSA SecurID web Agent 5.3 Platform: Windows 2000 / IIS Severity: Remote Code Execution Author: Gary O'leary-Steele...
CVE-2001-1461
Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded 1 /.. or 2 .. sequences...
CVE-2001-1461
CVE-2001-1461 is a directory traversal vulnerability in the WebID component of RSA Security SecurID 5.0, used by ACE/Agent on Windows, Windows NT and Windows 2000. The root cause is improper handling of URL-encoded sequences ("/.." and ".."), allowing an attacker to access restricted resources. T...
CVE-2005-1118
CVE-2005-1118 describes a cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll of the RSA Authentication Agent for Web 5.2. The flaw allows remote attackers to inject arbitrary web script or HTML via the postdata parameter. The CVE entry lists the affected product as RSA Authentication A...
CVE-2005-1118
Cross-site scripting XSS vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter...
RSA Security RSA Authentication Agent For Web 5.2 - Cross-Site Scripting
RSA Security RSA Authentication Agent For Web 5.2 - Cross-Site Scripting source: https://www.securityfocus.com/bid/13168/info A remote cross-site scripting vulnerability affects the RSA Security RSA Authentication Agent for Web. This issue is due to a failure of the application to properly saniti...
[SA14954] RSA Authentication Agent for Web for IIS Cross-Site Scripting
---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: RSA Authentication Agent for Web for IIS Cross-Site...