969 matches found
CVE-2014-5075
CVE-2014-5075 : The Ignite Realtime Smack XMPP API (4.x before 4.0.2; 3.x and 2.x when a custom SSLContext is used) does not verify that the SSL certificate’s CN or SAN matches the server hostname, enabling man-in-the-middle with an arbitrary valid certificate. This is a hostname verification fla...
CVE-2014-7506
The Realtime Music Rank aka com.blogspot.imapp.immusicrank2 application 5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The Realtime Music Rank aka com.blogspot.imapp.immusicrank2 application 5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7506
The Realtime Music Rank aka com.blogspot.imapp.immusicrank2 application 5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7506
The Realtime Music Rank Android app (package com.blogspot.imapp.immusicrank2), version 5.5, does not verify SSL X.509 certificates, enabling potential MITM attackers to spoof servers and access sensitive information via crafted certificates; no remediation details are provided in the connected so...
RHEL 6 : MRG (RHSA-2014:1318)
Updated Red Hat Enterprise MRG Realtime packages that fix multiple security issues and add one enhancement are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, whi...
Moderate: Red Hat Security Advisory: Red Hat Enterprise MRG Realtime 2.5 security and enhancement update
Updated Red Hat Enterprise MRG Realtime packages that fix multiple security issues and add one enhancement are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, whi...
Syslog LogAnalyzer 3.6.5 - Stored XSS Exploit
Exploit for multiple platform in category web applications Vulnerability title: Syslog LogAnalyzer 3.6.5 Stored XSS Author: Dolev Farhi Contact: dolevf at yahoo dot com @dolevff Application: LogAnalyzer 3.6.5 Date: 8.2.2014 Relevant CVEs: CVE-2014-6070 Vulnerable version: alert"xss", and sending ...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
Updated kernel-rt packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...
Ethernet Industrial Protocol (EtherNet/IP) Client Explicit Message Detection
Binary data 7114.pasl...
Ethernet Industrial Protocol (EtherNet/IP) Server Explicit Message Detection
Binary data 8278.prm...
Ethernet Industrial Protocol (EtherNet/IP) Implicit Message Detection
Binary data 8291.prm...
Ethernet Industrial Protocol (EtherNet/IP) Server Explicit Message Detection
Binary data 7115.pasl...
Ethernet Industrial Protocol (EtherNet/IP) Implicit Message Detection
Binary data 7113.pasl...
Standard & Poors ComStock 4.2.4 Machine Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/1080/info Numerous vulnerabilities exist in the ComStock product, as sold by Standard & Poor's. ComStock is based on the RedHat 5.1 distribution, and contains many of the vulnerabilities found in the 5.1 distribution. In...
openSUSE Security Update : rtkit (openSUSE-SU-2013:1548-1)
rtkit was fixed to avoid a TOCTOU race condition that might have allowed local attackers to gain realtime rights they should not have. CVE-2013-4326 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
CVE-2014-0364
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute...
CVE-2014-0363
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
Design/Logic Flaw
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute...
Design/Logic Flaw
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...