Lucene search
3573 matches found

securityvulns
added 2010/06/09 12:0 a.m., 49 views

Microsoft .Net XML signing protection bypass

Only part of signature is compared in case of incomplete HMAC...

CVSS 5, AI score 1.5, EPSS 0.06348
Exploits 0, References 1, Affected Software 1

ThreatPost
added 2010/06/03 3:20 p.m., 7 views

Facebook Developer Verification Won't Stop Rogue Apps

Looking to clamp down on the escalation of malicious apps on its popular social network, Facebook will now require every developer to verify their Facebook account by providing a mobile phone number or adding a credit card to their account. While this is clearly a step in the right direction...

AI score 0.7
Exploits 0, References 4

OpenVAS
added 2010/05/31 12:0 a.m., 8 views

IT-Grundschutz M4.334: SMB Message Signing and Samba

IT-Grundschutz M4.334: SMB Message Signing and Samba. WARNING: This test is no longer supported. It has been replaced by the corresponding test, which is now continuously adapted to the current EL: OID 1.3.6.1.4.1.25623.1.0.94241. This check refers to the 11th supplement (Ergänzungslieferung) 11...

Exploits 0, References 1

OpenVAS
added 2010/05/31 12:0 a.m., 14 views

IT-Grundschutz M4.334: SMB Message Signing and Samba

IT-Grundschutz M4.334: SMB Message Signing and Samba. WARNING: This test is no longer supported. It has been replaced by the corresponding test, which is now continuously adapted to the current EL: OID 1.3.6.1.4.1.25623.1.0.94241. This check refers to the 11th supplement (Ergänzungslieferung) 11...

AI score 7.4
Exploits 0, References 1

ThreatPost
added 2010/04/14 8:9 p.m., 8 views

iPhone Sandbox Model Not Enough

The iPhone sandbox has always been held up as a major roadblock to thwart hackers from doing damage on the device. But, as European researchers Vincenzo Iozzo and Ralf Philipp Weinmann proved, a hacker can hijack a lot of sensitive data without ever leaving the iPhone sandbox. In this case, they...

AI score 0.8
Exploits 0, References 1

exploitpack
added 2010/04/11 12:0 a.m., 19 views

Aladdin eToken PKI Client 4.5 - Virtual File Handling Memory Corruption (PoC)

Aladdin eToken PKI Client 4.5 - Virtual File Handling Memory Corruption PoC #!/usr/bin/perl -w Title: Aladdin eToken PKI Client v4.5 Virtual File Handling Unspecified Memory Corruption PoC Summary: The eToken PKI Client is the software that enables eToken USB operation and the implementation of...

AI score 0.2
Exploits 0

Exploit DB
added 2010/04/11 12:0 a.m., 31 views

Aladdin eToken PKI Client 4.5 - Virtual File Handling Memory Corruption (PoC)

#!/usr/bin/perl -w Title: Aladdin eToken PKI Client v4.5 Virtual File Handling Unspecified Memory Corruption PoC Summary: The eToken PKI Client is the software that enables eToken USB operation and the implementation of eToken PKI-based solutions. These solutions include certificate-based strong...

AI score 7.4
Exploits 0

ThreatPost
added 2010/03/24 10:55 p.m., 11 views

iPhone Hacked at Pwn2Own; SMS Database Stolen

VANCOUVER, BC — A pair of European researchers used the spotlight of the CanSecWest Pwn2Own hacking contest here to break into a fully patched iPhone and hijack the entire SMS database, including text messages that had already been deleted. Using an exploit against a previously unknown...

AI score 6.9
Exploits 0, References 1

myhack58
added 2009/11/05 12:0 a.m., 24 views

For Kaspersky 2010 the free kill study - vulnerability warning - the black bar safety net

Article author: chinafe For Kaspersky 2010 free to kill research Kaspersky 2010 for digital signing and System File Protection becomes very strict, the registry does not say that after so many years the upgrade is basically no use value, Kaspersky 2010 the previous version can modify the...

Exploits 0

UbuntuCve
added 2009/09/29 11:30 p.m., 28 views

CVE-2009-3474

OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...

CVSS 7.5, AI score 5.9, EPSS 0.01544
Exploits 0, References 1

Prion
added 2009/09/29 11:30 p.m., 17 views

Code injection

OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...

CVSS 7.5, AI score 6.8, EPSS 0.01544
Exploits 0, References 9, Affected Software 3

OSV
added 2009/09/29 11:30 p.m., 1 views

DEBIAN-CVE-2009-3474

OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...

CVSS 7.5, AI score 6.9, EPSS 0.01544
Exploits 0, References 1

Debian CVE
added 2009/09/29 11:0 p.m., 24 views

CVE-2009-3474

OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...

CVSS 7.5, AI score 6.4, EPSS 0.01544
Exploits 0

Tenable Nessus
added 2009/08/24 12:0 a.m., 32 views

RHEL 4 / 5 : java-1.5.0-sun (RHSA-2007:0963)

Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having important security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the...

CVSS 10, AI score 5.9, EPSS 0.0503
Exploits 0, References 15

NVD
added 2009/08/06 6:30 p.m., 15 views

CVE-2008-6909

Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges...

CVSS 6.5, AI score 6.9, EPSS 0.01115
Exploits 0, References 5

Cvelist
added 2009/08/06 6:0 p.m., 23 views

CVE-2008-6909

Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges...

AI score 6.9, EPSS 0.01115
Exploits 0, References 5

securityvulns
added 2009/05/26 12:0 a.m., 37 views

ATEN IP KVM Switches multiple cryptographic vulnerabilities

Same SSL certificate is used for all devices, static symmetric key is used for code signing, mouse events are not encrypted, predictable session key is used...

CVSS 10, AI score 1.5, EPSS 0.03191
Exploits 0, References 1

ThreatPost
added 2009/04/21 6:54 p.m., 41 views

Charney plugs Microsoft end-to-end trust at RSA Conference

Scott Charney used his keynote speech at the RSA Conference on Tuesday to talk up a variety of hardware and software-based technologies meant to infuse the Internet with more trust. Charney, the head of Microsoft’s Trustworthy Computing team, talked about the need for greater adoption of TPMs, co...

CVSS 9.3, AI score 0.8, EPSS 0.99945
Exploits 33, References 1

Kaspersky
added 2009/04/16 12:0 a.m., 57 views

KLA10137 ACE vulnerability in DivX Web Player

An integer signing error was found in DivX Web Player. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed DivX file. Original advisories - Related products DivX-Web-Player CVE list CVE-2008-5259 critic...

CVSS 9.3, AI score 7.4, EPSS 0.05718
Exploits 2, References 2

Packet Storm
added 2009/03/27 12:0 a.m., 32 views

Free PHP Petition Signing Script SQL Injection

Free PHP Petition Signing Script Release Login SQL injection Qabandi | iqaahotmail.fr From Kuwait, Peace. Salamz: Killer Hack, Ghost-R00t, Mr.Mn7os, Cyb3rT Download: http://www.rediscussed.com/2008/01/18/free-php-petition-signing-script-release/...

AI score 0.4
Exploits 0