1205 matches found
CVE-2008-3440
CVE-2008-3440 affects Sun Java 1.6.0_03 and earlier (potentially later versions) where updater authenticity is not properly verified, enabling a man-in-the-middle attacker to run arbitrary code via a Trojan horse update (as demonstrated by evilgrade and DNS cache poisoning). The connected sources...
CVE-2008-3433
SpeedBit Download Accelerator Plus DAP before 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
Python: Multiple vulnerabilities
Background Python is an interpreted, interactive, object-oriented programming language. Description Multiple vulnerabilities were discovered in Python: David Remahl of Apple Product Security reported several integer overflows in core modules such as stringobject, unicodeobject, bufferobject,...
CVE-2008-3323
setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package...
Design/Logic Flaw
setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package...
SECOBJADV-2008-02: Cygwin Installation and Update Process can be Subverted Vulnerability
====================================================================== = Security Objectives Advisory SECOBJADV-2008-02 = ====================================================================== Cygwin Installation and Update Process can be Subverted Vulnerability...
CVE-2008-3045
Unspecified vulnerability in the Industry Database aka Branchendatenbank proindustrydb extension 1.0.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Insufficient Verification of Data Authenticity."...
Design/Logic Flaw
Unspecified vulnerability in the Industry Database aka Branchendatenbank proindustrydb extension 1.0.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Insufficient Verification of Data Authenticity."...
CVE-2008-3045
Technical details about CVE-2008-3045 are not publicly available in the provided documents. Monitor for updates; no confirmed affected product versions, root cause, impact, or fixes are listed here.
CVE-2008-3045
Unspecified vulnerability in the Industry Database aka Branchendatenbank proindustrydb extension 1.0.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Insufficient Verification of Data Authenticity."...
Multiple vulnerabilities in extension Send-A-Card (sr_sendcard)
It has been discovered that the extension Send-A-Card srsendcard is open to multiple security issues. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.2.2 and all versions below Vulnerability Type: Insufficient...
Shuriken Pro3 S/MIME signature verification does not verify the certificate authenticity
Overview Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the authenticity of the certificate is not verified when verifying the S/MIME digital signature of an email message. Impact A user can not notice a forged message when it is signed with a malicious digital...
TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability
TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability http://www.tippingpoint.com/security/advisories/TSRT-06-05.html August 7, 2006 -- CVE ID: CVE-2006-3976 CVE-2006-3977 -- Affected Vendor: Computer Associates -- Affected Products: eTrust AntiVir...
Novell Security Announcement NOVELL-SA:2006:001
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Novell Security Announcement Product Name: Novell GroupWise Announcement ID: NOVELL-SA:2006:001 Date: Wed Jun 28 13:00:00 MDT 2006 Affected Products: Novell GroupWise 5.x Novell GroupWise 6.0 Novell GroupWise 6.5 Novell GroupWise 7 Novell GroupWise...
GnuPG: Incorrect signature verification
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software that may be used without restriction, as it does not rely on any patented algorithms. GnuPG can be used to digitally sign messages, a method of ensuring the authenticity of a message using...
SUSE Security Announcement: novell-nrm remote heap overflow (SUSE-SA:2006:002)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUSE Security Announcement Package: novell-nrm Announcement ID: SUSE-SA:2006:002 Date: Fri, 13 Jan 2006 15:00:00 +0000 Affected Products: Open Enterprise Server Vulnerability Type: remote code execution Severity 1-10: 10 SUSE Default Package: yes...
Hydra: Cisco
This plugin runs Hydra to find Cisco passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block. TRUSTED...
CVE-2003-0237
CVE-2003-0237 affects Mirabilis ICQ Pro 2003a via the ICQ Features on Demand spoofing vulnerability. The hard-coded DataURL for downloaded features in Packages.ini is not authenticated, allowing an attacker to impersonate the package repository and install malicious software, potentially enabling...
Full Disclosure: Windows File Protection Old Security Catalog Vulnerability
============================================================================ == SECURITY ALERT Windows File Protection Old Security Catalog Vulnerability December 26, 2002 Full Disclosure, [email protected] and others August 26, 2002 Private Disclosure, Microsoft Press and others Jason Coombs...
Blahz-DNS: Authentication bypass vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ppp-design found the following authentication bypass vulnerability in Blahz-DNS: Details - ------- Product: Blahz-DNS Affected Version: 0.2 and maybe all versions before Immune Version: 0.25 OS affected: OS indipentend php/mysql Vendor-URL:...