52 matches found
CVE-2012-5003
CVE-2012-5003 concerns nxapplet.jar in No Machine NX Web Companion 3.x and earlier. The update authenticity check is insufficient, allowing a user-assisted remote attacker to execute arbitrary code via a crafted (SiteUrl) or (RedirectUrl) parameter that points to a Trojan Horse client.zip update ...
Apple iTunes RCE Vulnerability (HT5030) - Windows
Apple iTunes is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:itunes"...
INSECT Pro 2.7 - Penetration testing tool download
INSECT Pro 2.7 - Penetration testing tool download INSECT Pro 2.7 - Ultimate is here! This penetration security auditing and testing software solutionis designed to allow organizations of all sizes mitigate, monitor and manage the latest security threats vulnerabilities and implement active...
openSUSE Security Update : w3m (openSUSE-SU-2010:0393-1)
w3m did not handle embedded nul characters in the common name and in subject alternative names of x509 certificates. CVE-2010-2074 has been assigned to this issue. This update also turns on verification of x509 certificates by default which was not the case before. %NASLMINLEVEL 70300 C Tenable...
CVE-2008-3435
LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
Design/Logic Flaw
SpeedBit Download Accelerator Plus DAP before 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
Design/Logic Flaw
LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
CVE-2008-3439
SpeedBit Video Acceleration before 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
CVE-2008-3442
WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
KLA10244 ACE vulnerability in LinkedIn Browser Toolbar
Improper update verification was found in the LinkedIn Browser Toolbar. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a man-in-the-middle attack. Original advisories - Related products LinkedIn-Internet-Explorer-Toolb...
PT-2008-4841 · Apple · Macos X
Name of the Vulnerable Software and Affected Versions: Apple Mac OS X affected versions not specified Description: The issue is related to the improper verification of update authenticity, allowing man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. This can be achiev...
Critical: Red Hat Security Advisory: thunderbird security update
Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Two flaws were found in...