Lucene search
+L

8542 matches found

Vulnrichment
Vulnrichment
added 2005/06/01 4:0 a.m.6 views

CVE-2005-1794

Microsoft Terminal Server using Remote Desktop Protocol RDP 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks...

5.8AI score0.16319EPSS
Exploits1References5
CVE
CVE
added 2005/06/01 4:0 a.m.478 views

CVE-2005-1794

Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, enabling remote attackers to spoof server public keys and perform MITM. The root cause is improper verification during key exchange, allowing an attacker ...

7.4CVSS6.5AI score0.16319EPSS
Exploits1References5Affected Software2
ATTACKERKB
ATTACKERKB
added 2005/06/01 4:0 a.m.5 views

CVE-2005-1794

Microsoft Terminal Server using Remote Desktop Protocol RDP 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks...

7.4CVSS5.8AI score0.16319EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2005/06/01 12:0 a.m.5761 views

Remote Desktop Protocol Server Man-in-the-Middle Weakness

The remote version of the Remote Desktop Protocol Server Terminal Service is vulnerable to a man-in-the-middle MiTM attack. The RDP client makes no effort to validate the identity of the server when setting up encryption. An attacker with the ability to intercept traffic from the RDP server can...

7.4CVSS8.4AI score0.16319EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2005/05/11 12:0 a.m.18 views

GLSA-200505-04 : GnuTLS: Denial of Service vulnerability

The remote host is affected by the vulnerability described in GLSA-200505-04 GnuTLS: Denial of Service vulnerability A vulnerability has been discovered in the record packet parsing in the GnuTLS library. Additionally, a flaw was also found in the RSA key export functionality. Impact : A remote...

5CVSS5.4AI score0.01931EPSS
Exploits0References3
CERT
CERT
added 2005/05/11 12:0 a.m.27 views

RSA Authentication Agent for Web for IIS vulnerable to heap overflow via overly large "chunk"

Overview RSA Authentication Agent for Web for IIS contains a heap overflow in the handling of chunked input. This could allow a remote, unauthenticated attacker to execute arbitrary code on the server. Description RSA Authentication Agent software provides access control for networks, web...

7.5CVSS7.5AI score0.02634EPSS
Exploits4References7
CVE
CVE
added 2005/05/10 4:0 a.m.47 views

CVE-2004-1855

CVE-2004-1855 affects Dark Age of Camelot prior to 1.68 live patch. The RSA public key is not signed, enabling potential MITM by remote malicious servers to access sensitive information. No explicit fix or patch details are provided in the supplied documents.

5CVSS6.7AI score0.02612EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2005/05/10 4:0 a.m.16 views

CVE-2004-1855

Dark Age of Camelot before 1.68 live patch does not sign the RSA public key, which could allow remote malicious servers to gain sensitive information via a man-in-the-middle attack...

6.4AI score0.02612EPSS
Exploits1References5
Gentoo Linux
Gentoo Linux
added 2005/05/09 12:0 a.m.35 views

GnuTLS: Denial of Service vulnerability

Background GnuTLS is a free TLS 1.0 and SSL 3.0 implementation for the GNU project. Description A vulnerability has been discovered in the record packet parsing in the GnuTLS library. Additionally, a flaw was also found in the RSA key export functionality. Impact A remote attacker could exploit...

5CVSS6.2AI score0.01931EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/05/09 12:0 a.m.38 views

RSA Security RSA Authentication Agent For Web For IIS XSS

The remote host appears to be running RSA Authentication Agent for Web for IIS. The remote version of this application fails to adequately sanitize input to the 'postdata' variable of IISWebAgentIF.dll. A remote attacker could exploit this by tricking a user into requesting a maliciously crafted...

4.3CVSS5.4AI score0.02508EPSS
Exploits0References2
NVD
NVD
added 2005/05/06 4:0 a.m.25 views

CVE-2005-1471

Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data...

7.5CVSS8AI score0.02634EPSS
Exploits4References2
CVE
CVE
added 2005/05/06 4:0 a.m.61 views

CVE-2005-1471

The CVE-2005-1471 issue is a heap overflow in RSA Authentication Agent for Web for IIS (RSA SecurID Web Agent) when processing chunked transfer-encoding data. This vulnerability could allow a remote attacker to execute arbitrary code on the server, typically with LocalSystem privileges on the IIS...

7.5CVSS8AI score0.02634EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2005/05/06 4:0 a.m.30 views

CVE-2005-1471

Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data...

8AI score0.02634EPSS
Exploits4References2
securityvulns
securityvulns
added 2005/05/06 12:0 a.m.252 views

[Full-disclosure] [SEC-1 LTD] RSA SecurID Web Agent Heap Overflow

SEC-1 LTD. www.sec-1.com Security Advisory Advisory Name: RSA SecurID Web Agent Heap Overflow Release Date: 06-05-2005 Application: RSA SecurID Web Agent 5 RSA SecurID Web Agent 5.2 RSA SecurID web Agent 5.3 Platform: Windows 2000 / IIS Severity: Remote Code Execution Author: Gary O'leary-Steele...

0.9AI score
Exploits0
Cvelist
Cvelist
added 2005/04/21 4:0 a.m.27 views

CVE-2001-1461

Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded 1 /.. or 2 .. sequences...

6.6AI score0.01818EPSS
Exploits0References3
CVE
CVE
added 2005/04/21 4:0 a.m.56 views

CVE-2001-1461

CVE-2001-1461 is a directory traversal vulnerability in the WebID component of RSA Security SecurID 5.0, used by ACE/Agent on Windows, Windows NT and Windows 2000. The root cause is improper handling of URL-encoded sequences ("/.." and ".."), allowing an attacker to access restricted resources. T...

7.5CVSS7AI score0.01818EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2005/04/16 4:0 a.m.78 views

CVE-2005-1118

CVE-2005-1118 describes a cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll of the RSA Authentication Agent for Web 5.2. The flaw allows remote attackers to inject arbitrary web script or HTML via the postdata parameter. The CVE entry lists the affected product as RSA Authentication A...

4.3CVSS5.6AI score0.02508EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2005/04/16 4:0 a.m.37 views

CVE-2005-1118

Cross-site scripting XSS vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter...

5.5AI score0.02508EPSS
Exploits0References6
exploitpack
exploitpack
added 2005/04/15 12:0 a.m.7 views

RSA Security RSA Authentication Agent For Web 5.2 - Cross-Site Scripting

RSA Security RSA Authentication Agent For Web 5.2 - Cross-Site Scripting source: https://www.securityfocus.com/bid/13168/info A remote cross-site scripting vulnerability affects the RSA Security RSA Authentication Agent for Web. This issue is due to a failure of the application to properly saniti...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2005/04/15 12:0 a.m.43 views

[SA14954] RSA Authentication Agent for Web for IIS Cross-Site Scripting

---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: RSA Authentication Agent for Web for IIS Cross-Site...

0.9AI score
Exploits0
Rows per page
Query Builder