Lucene search
+L

1205 matches found

CVE
CVE
added 2008/08/01 2:0 p.m.57 views

CVE-2008-3440

CVE-2008-3440 affects Sun Java 1.6.0_03 and earlier (potentially later versions) where updater authenticity is not properly verified, enabling a man-in-the-middle attacker to run arbitrary code via a Trojan horse update (as demonstrated by evilgrade and DNS cache poisoning). The connected sources...

7.5CVSS7.5AI score0.02409EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2008/08/01 2:0 p.m.22 views

CVE-2008-3433

SpeedBit Download Accelerator Plus DAP before 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...

7.4AI score0.0184EPSS
Exploits0References3
Gentoo Linux
Gentoo Linux
added 2008/07/31 12:0 a.m.45 views

Python: Multiple vulnerabilities

Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities were discovered in Python: David Remahl of Apple Product Security reported several integer overflows in core modules such as stringobject, unicodeobject, bufferobject,...

7.5CVSS8.5AI score0.04493EPSS
Exploits6
NVD
NVD
added 2008/07/28 5:41 p.m.21 views

CVE-2008-3323

setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package...

7.6CVSS7.4AI score0.02649EPSS
Exploits2References9
Prion
Prion
added 2008/07/28 5:41 p.m.16 views

Design/Logic Flaw

setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package...

7.6CVSS8AI score0.02649EPSS
Exploits2References9Affected Software1
securityvulns
securityvulns
added 2008/07/26 12:0 a.m.66 views

SECOBJADV-2008-02: Cygwin Installation and Update Process can be Subverted Vulnerability

====================================================================== = Security Objectives Advisory SECOBJADV-2008-02 = ====================================================================== Cygwin Installation and Update Process can be Subverted Vulnerability...

7.6CVSS6.6AI score0.95182EPSS
Exploits23
NVD
NVD
added 2008/07/07 6:41 p.m.15 views

CVE-2008-3045

Unspecified vulnerability in the Industry Database aka Branchendatenbank proindustrydb extension 1.0.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Insufficient Verification of Data Authenticity."...

7.5CVSS6.5AI score0.01422EPSS
Exploits0References3
Prion
Prion
added 2008/07/07 6:41 p.m.16 views

Design/Logic Flaw

Unspecified vulnerability in the Industry Database aka Branchendatenbank proindustrydb extension 1.0.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Insufficient Verification of Data Authenticity."...

7.5CVSS7AI score0.01422EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2008/07/07 6:20 p.m.45 views

CVE-2008-3045

Technical details about CVE-2008-3045 are not publicly available in the provided documents. Monitor for updates; no confirmed affected product versions, root cause, impact, or fixes are listed here.

7.5CVSS6.5AI score0.01422EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2008/07/07 6:20 p.m.23 views

CVE-2008-3045

Unspecified vulnerability in the Industry Database aka Branchendatenbank proindustrydb extension 1.0.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Insufficient Verification of Data Authenticity."...

6.5AI score0.01422EPSS
Exploits0References3
Typo3
Typo3
added 2008/07/01 12:0 a.m.21 views

Multiple vulnerabilities in extension Send-A-Card (sr_sendcard)

It has been discovered that the extension Send-A-Card srsendcard is open to multiple security issues. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.2.2 and all versions below Vulnerability Type: Insufficient...

6.6AI score
Exploits0Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.5 views

Shuriken Pro3 S/MIME signature verification does not verify the certificate authenticity

Overview Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the authenticity of the certificate is not verified when verifying the S/MIME digital signature of an email message. Impact A user can not notice a forged message when it is signed with a malicious digital...

5CVSS6.8AI score
Exploits0References2
securityvulns
securityvulns
added 2006/08/08 12:0 a.m.34 views

TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability

TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability http://www.tippingpoint.com/security/advisories/TSRT-06-05.html August 7, 2006 -- CVE ID: CVE-2006-3976 CVE-2006-3977 -- Affected Vendor: Computer Associates -- Affected Products: eTrust AntiVir...

9.3CVSS1AI score0.03761EPSS
Exploits0
securityvulns
securityvulns
added 2006/06/30 12:0 a.m.47 views

Novell Security Announcement NOVELL-SA:2006:001

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Novell Security Announcement Product Name: Novell GroupWise Announcement ID: NOVELL-SA:2006:001 Date: Wed Jun 28 13:00:00 MDT 2006 Affected Products: Novell GroupWise 5.x Novell GroupWise 6.0 Novell GroupWise 6.5 Novell GroupWise 7 Novell GroupWise...

5CVSS0.01892EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2006/03/10 12:0 a.m.40 views

GnuPG: Incorrect signature verification

Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software that may be used without restriction, as it does not rely on any patented algorithms. GnuPG can be used to digitally sign messages, a method of ensuring the authenticity of a message using...

5CVSS6.6AI score0.02373EPSS
Exploits0
securityvulns
securityvulns
added 2006/01/15 12:0 a.m.47 views

SUSE Security Announcement: novell-nrm remote heap overflow (SUSE-SA:2006:002)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUSE Security Announcement Package: novell-nrm Announcement ID: SUSE-SA:2006:002 Date: Fri, 13 Jan 2006 15:00:00 +0000 Affected Products: Open Enterprise Server Vulnerability Type: remote code execution Severity 1-10: 10 SUSE Default Package: yes...

7.5CVSS7AI score0.05715EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2004/12/01 12:0 a.m.30 views

Hydra: Cisco

This plugin runs Hydra to find Cisco passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block. TRUSTED...

5.4AI score
Exploits0
CVE
CVE
added 2003/05/07 4:0 a.m.55 views

CVE-2003-0237

CVE-2003-0237 affects Mirabilis ICQ Pro 2003a via the ICQ Features on Demand spoofing vulnerability. The hard-coded DataURL for downloaded features in Packages.ini is not authenticated, allowing an attacker to impersonate the package repository and install malicious software, potentially enabling...

7.5CVSS5.6AI score0.01588EPSS
Exploits0References5Affected Software1
securityvulns
securityvulns
added 2002/12/28 12:0 a.m.43 views

Full Disclosure: Windows File Protection Old Security Catalog Vulnerability

============================================================================ == SECURITY ALERT Windows File Protection Old Security Catalog Vulnerability December 26, 2002 Full Disclosure, [email protected] and others August 26, 2002 Private Disclosure, Microsoft Press and others Jason Coombs...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2002/04/30 12:0 a.m.34 views

Blahz-DNS: Authentication bypass vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ppp-design found the following authentication bypass vulnerability in Blahz-DNS: Details - ------- Product: Blahz-DNS Affected Version: 0.2 and maybe all versions before Immune Version: 0.25 OS affected: OS indipentend php/mysql Vendor-URL:...

7.3AI score
Exploits0
Rows per page
Query Builder