PT-2008-3224 · Netscape +1 · Netscape Certificate Management System +1
Name of the Vulnerable Software and Affected Versions: Red Hat Certificate System versions 7.1 through 7.3; Netscape Certificate Management System version 6.x. Description: The issue allows remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a...
Microsoft Outlook information leak (callback)
By setting the CA certificate URL field in a certificate used for message signing, it's possible to force Outlook to issue an HTTP request without user intervention...
System: incorrect handling of Extensions in CSRs (cs71)
Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended...
Important: Red Hat Security Advisory: rhpki-common security update
Updated rhpki-common packages that fix a security issue are now available for Red Hat Certificate System 7.2. This update has been rated as having important security impact by the Red Hat Security Response Team. Red Hat Certificate System (RHCS) is an enterprise software system designed to manage...
Important: Red Hat Security Advisory: rhpki-common security update
An updated rhpki-common package that fixes a security issue is now available for Red Hat Certificate System 7.3. This update has been rated as having important security impact by the Red Hat Security Response Team. Red Hat Certificate System (RHCS) is an enterprise software system designed to manag...
Firefox arbitrary signed JAR code execution
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files...
Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : openssl-blacklist update (USN-612-9)
USN-612-3 addressed a weakness in OpenSSL certificate and key generation in OpenVPN by introducing openssl-blacklist to aid in detecting vulnerable private keys. This update enhances the openssl-vulnkey tool to check Certificate Signing Requests, accept input from STDIN, and check moduli without ...
samba security and bug fix update
3.0.28-1.el52.1 - Security fix for CVE-2008-1105 - Fix join verification - Fix smb signing - resolves: CVE-2008-1105 - resolves: 447380 - resolves: 444637...
CVE-2008-1184
The DNSSEC validation library (libval) in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks...
CVE-2008-0862
CVE-2008-0862 affects IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0. The issue arises when forwarding an email, where Notes signs an unsigned applet, potentially bypassing the Execution Control List (ECL). The NVD entry lists the impact as user-assisted remote execution with partial confidentiality impa...
Debian Security Advisory DSA 429-2 (gnupg)
The remote host is missing an update to gnupg announced via advisory DSA 429-2. OpenVAS Vulnerability Test $Id: deb4292.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 429-2. Authors: Thomas Reinke. Copyright: Copyright (c) 2007 E-Soft Inc...
Debian Security Advisory DSA 429-2 (gnupg)
The remote host is missing an update to gnupg announced via advisory DSA 429-2. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Office unsigned data
The metadata file and hyperlink destination are not signed when a document is signed...
CVE-2007-6329
Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML...
OpenOffice certificate information spoofing
It's possible to spoof information about the certificate used for signing...
CVE-2007-5351
Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."...
Microsoft Windows Vista SMBv2 packets signature bypass
Invalid implementation of digital signing...