3573 matches found
Microsoft .Net XML signing protection bypass
Only part of signature is compared in case of incomplete HMAC...
Facebook Developer Verification Won't Stop Rogue Apps
Looking to clamp down on the escalation of malicious apps on its popular social network, Facebook will now require that every developer to verify their Facebook account by providing a mobile phone number or adding a credit card to their account. While this is clearly a step in the right direction...
IT-Grundschutz M4.334: SMB Message Signing und Samba
IT-Grundschutz M4.334: SMB Message Signing und Samba ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.94241 Diese Prüfung bezieht sich auf die 11. Ergänzungslieferung 11...
IT-Grundschutz M4.334: SMB Message Signing und Samba
IT-Grundschutz M4.334: SMB Message Signing und Samba ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.94241 Diese Prüfung bezieht sich auf die 11. Ergänzungslieferung 11...
iPhone Sandbox Model Not Enough
The iPhone sandbox has always been held up as a major roadblock to thwart hackers from doing damage on the device. But, as European researchers Vincenzo Iozzo and Ralf Philipp Weinmann proved, a hacker can hijack a lot of sensitive data without ever leaving the iPhone sandbox. In this case, they...
Aladdin eToken PKI Client 4.5 - Virtual File Handling Memory Corruption (PoC)
Aladdin eToken PKI Client 4.5 - Virtual File Handling Memory Corruption PoC !/usr/bin/perl -w Title: Aladdin eToken PKI Client v4.5 Virtual File Handling Unspecified Memory Corruption PoC Summary: The eToken PKI Client is the software that enables eToken USB operation and the implementation of...
Aladdin eToken PKI Client 4.5 - Virtual File Handling Memory Corruption (PoC)
!/usr/bin/perl -w Title: Aladdin eToken PKI Client v4.5 Virtual File Handling Unspecified Memory Corruption PoC Summary: The eToken PKI Client is the software that enables eToken USB operation and the implementation of eToken PKI-based solutions. These solutions include certificate-based strong...
iPhone Hacked at Pwn2Own; SMS Database Stolen
VANCOUVER, BC — A pair of European researchers used the spotlight of the CanSecWest Pwn2Own hacking contest here to break into a fully patched iPhone and hijack the entire SMS database, including text messages that had already been deleted. Using an exploit against a previously unknown...
For Kaspersky 2 0 1 0 the free kill study-vulnerability warning-the black bar safety net
Article author: chinafe For Kaspersky 2 0 1 0free to killresearch Kaspersky 2 0 1 0 for digital signing and System File Protection becomes very strict, the registry does not say that after so many years the upgrade is basically no use value, Kaspersky 2 0 1 0 the previous version can modify the...
CVE-2009-3474
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...
Code injection
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...
DEBIAN-CVE-2009-3474
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...
CVE-2009-3474
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...
RHEL 4 / 5 : java-1.5.0-sun (RHSA-2007:0963)
Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having important security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the...
CVE-2008-6909
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges...
CVE-2008-6909
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges...
ATEN IP KVM Switches multiple cryptographic vulnerabilities
Same SSL certificate is used for all devices, static symmetric key is used for code signing, mouse events are not encrypted, predictable session key is used...
Charney plugs Microsoft end-to-end trust at RSA Conference
Scott Charney used his keynote speech at the RSA Conference on Tuesday to talk up a variety of hardware and software-based technologies meant to infuse the Internet with more trust. Charney, the head of Microsoft’s Trustworthy Computing team, talked about the need for greater adoption of TPMs, co...
KLA10137 ACE vulnerability in DivX Web Player
An integer signing error was found in DivX Web Player. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed DivX file. Original advisories - Related products DivX-Web-Player CVE list CVE-2008-5259 critic...
Free PHP Petition Signing Script SQL Injection
|| || | || o,7 || . o7 || q||| ow, : / / . Free PHP Petition Signing Script Release Login SQL injection Qabandi | iqaahotmail.fr From Kuwait, Peace. Salamz: Killer Hack, Ghost-R00t, Mr.Mn7os, Cyb3rT Download: http://www.rediscussed.com/2008/01/18/free-php-petition-signing-script-release/...