3573 matches found
NX Web Companion Spoofing Arbitrary Code Execution Vulnerability
Vuln Title: NX Web Companion Spoofing Arbitrary Code Execution Vulnerability Date: 25.01.2012 Author: otr Software Link: http://www.nomachine.com/documents/plugin/install.php Version: = 3.x Tested on: Linux, Windows, Mac OS X x86, Mac OS X PPC, Solaris CVE : None, yet Summary The No Machine NX We...
Apple iOS < 5.0.1 Multiple Vulnerabilities
Binary data appleios501check.nbin...
SMB Signing not required
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid57608; scriptversion"1.20";...
CVE-2011-4560
Cross-site scripting XSS vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition...
Fedora 14 : nss-3.12.10-7.fc14 (2011-15586)
This security update revokes trust in DigiCert Sdn. Bhd Intermediate Certificate Authority from NSS - rhbz751674 It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority CA issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed...
HPSBPI02728 SSRT100692 rev.7 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
Potential Security Impact Remote firmware update enabled by default VULNERABILITY SUMMARY In November, 2011, a potential security vulnerability was identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware...
Medium: nss
Issue Overview: It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority CA issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and co...
Apple Releases iOS Patch Fixing Flaw That Led to Charlie Miller's Expulsion
Apple shipped an update to their IOS mobile platform on Thursday that included patches for a number of security vulnerabilities, including a resolution for a vulnerability that led to the expulsion of renowned security researcher, Charlie Miller, from Apple’s developer program. As reported by...
CentOS Update for nss CESA-2011:1444 centos4 i386
Check for the Version of nss OpenVAS Vulnerability Test CentOS Update for nss CESA-2011:1444 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
RedHat Update for nss RHSA-2011:1444-01
Check for the Version of nss OpenVAS Vulnerability Test RedHat Update for nss RHSA-2011:1444-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
RedHat Update for nss RHSA-2011:1444-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw
Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw A major security flaw in Apple's iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert "Charlie Miller "...
Demo of Charlie Miller's iOS Code-Signing Bug
Security researcher Charlie Miller of Accuvant discovered a vulnerability in the Apple iOS software that enables him to use an app he placed in the iTunes App Store to download unsigned code from a remote Web server and run it on any iOS device. In this video, he demonstrates the app and the way...
IT-Grundschutz M4.334: SMB Message Signing und Samba
IT-Grundschutz M4.334: SMB Message Signing und Samba ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.94241 Diese Prüfung bezieht sich auf die 12. Ergänzungslieferung 12...
IT-Grundschutz M4.334: SMB Message Signing und Samba
IT-Grundschutz M4.334: SMB Message Signing und Samba ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.94241 Diese Prüfung bezieht sich auf die 12. Ergänzungslieferung 12...
DEBIAN-CVE-2011-3848
Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request CSR to arbitrary locations via 1 a double-encoded key parameter in the URI in 2.7.x, 2 the CN in the Subject of a CSR in 2.6 and 0.25...
DEBIAN-CVE-2011-3872
Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise PE Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof ...
Design/Logic Flaw
Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise PE Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof ...
Directory traversal
Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request CSR to arbitrary locations via 1 a double-encoded key parameter in the URI in 2.7.x, 2 the CN in the Subject of a CSR in 2.6 and 0.25...
CVE-2011-3848
Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request CSR to arbitrary locations via 1 a double-encoded key parameter in the URI in 2.7.x, 2 the CN in the Subject of a CSR in 2.6 and 0.25...