149 matches found
CISCO IDS Manager Detection (HTTP)
Detects if CISCO IDS Manager is running on a given host and port. The IDS Device Manager is a web-based Java application that resides on the sensor and is accessed via a secure, encrypted TLS link using standard Netscape and Internet Explorer web browsers to perform various management and...
Firefox self signed certificate flaw
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also...
Peer-trusted certs can use alt names to spoof — Mozilla
Mozilla developer John G. Myers reported a weakness in the trust model used by Mozilla regarding alternate names on self-signed certificates and those with mismatched names that if accepted could be used to spoof a secure connection to any other site. This problem was independently reported by...
n.runs-SA-2008.001 - Jscape Secure FTP Applet
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2008.001 23-June-2008 Vendor: Jscape, http://www.jscape.com/ Affected Products: Jscape Secure FTP Applet http://www.jscape.com/sftpapplet/index.html Vulnerability: SSH Host key is not verified allowing for Man in the Middle attacks Ris...
[SECURITY] Fedora 8 Update: python-paramiko-1.7.1-3.fc8
Paramiko a combination of the esperanto words for "paranoid" and "friend" is a module for python 2.3 or greater that implements the SSH2 protocol for se cure encrypted and authenticated connections to remote machines. Unlike SSL a ka TLS, the SSH2 protocol does not require heirarchical certificat...
Debian DSA-956-1 : lsh-server - filedescriptor leak
Stefan Pfetzing discovered that lshd, a Secure Shell v2 SSH2 protocol server, leaks a couple of file descriptors, related to the randomness generator, to user shells which are started by lshd. A local attacker can truncate the server's seed file, which may prevent the server from starting, and wi...
DSA-956-1 lsh-server - filedescriptor leak
Bulletin has no description...
osCommerce Malformed Session ID XSS Vuln
Vendor : osCommerce URL : http://www.oscommerce.com Version : All Current Versions Risk : Cross Site Scripting Description: osCommerce is an online shop e-commerce solution under on going development by the open source community. Its feature packed out-of-the-box installation allows store owners ...
Проблемы с Secure Session Id в IIS
При использовании защищенного соединения не генируется Secure Cookie для передачи Session Id, вместо это используется тот же ID что и для незащищенного соединения, что позволяет перехватить защищенное соединение...