4200 matches found
CVE-2013-0243
haskell-tls-extra before 0.6.1 has a Basic Constraints attribute vulnerability that may lead to Man in the Middle attacks on TLS connections...
Code injection
haskell-tls-extra before 0.6.1 has a Basic Constraints attribute vulnerability that may lead to Man in the Middle attacks on TLS connections...
CVE-2013-0243
TLS-lib haskell-tls-extra prior to 0.6.1 fails to enforce Basic Constraints in certificate validation, treating any cert as a CA. This enables MITM via forged certs. Remediation: upgrade to 0.6.1 or newer; affected versions include those before 0.6.1 per HSEC-2023-0005 and RH/NVD records.
PT-2019-6839
Name of the Vulnerable Software and Affected Versions: haskell-tls-extra versions prior to 0.6.1. Description: The issue concerns a problem with certificate validation where the Basic Constraints attribute is not properly checked. This means any certificate is treated as a CA certificate, allowing a...
Microsoft Visual Basic 2010 Express XML Injection
Exploit Title: Microsoft Visual Basic 2010 Express - XML External Entity Injection Exploit Author: ZwX Exploit Date: 2019-12-03 Version Software : 10.0.30319.1 RTMRel Vendor Homepage : https://www.microsoft.com/ Software Link:...
Microsoft Visual Basic 2010 Express - XML External Entity Injection
Microsoft Visual Basic 2010 Express - XML External Entity Injection Exploit Title: Microsoft Visual Basic 2010 Express - XML External Entity Injection Exploit Author: ZwX Exploit Date: 2019-12-03 Version Software : 10.0.30319.1 RTMRel Vendor Homepage : https://www.microsoft.com/ Software Link:...
Microsoft Visual Basic 2010 Express - XML External Entity Injection Exploit
Exploit Title: Microsoft Visual Basic 2010 Express - XML External Entity Injection Exploit Author: ZwX Exploit Date: 2019-12-03 Version Software : 10.0.30319.1 RTMRel Vendor Homepage : https://www.microsoft.com/ Software Link:...
Microsoft Visual Basic 2010 Express - XML External Entity Injection
Exploit Title: Microsoft Visual Basic 2010 Express - XML External Entity Injection Exploit Author: ZwX Exploit Date: 2019-12-03 Version Software : 10.0.30319.1 RTMRel Vendor Homepage : https://www.microsoft.com/ Software Link:...
November 12, 2019—KB4525243 (Monthly Rollup)
November 12, 2019—KB4525243 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4520012 released October 15, 2019 and addresses the following issues: Addresses an issue that prevents a 16-bit Visual Basic 3 VB3 application or oth...
CVE-2019-5643
Computing For Good's Basic Laboratory Information System also known as C4G BLIS version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may enumerate the user names and facility names in use on a particular installation...
CVE-2019-5617
Computing For Good's Basic Laboratory Information System also known as C4G BLIS version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may change the password of any administrator-level user...
Improper access control
Computing For Good's Basic Laboratory Information System also known as C4G BLIS version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator...
DEBIAN-CVE-2013-6275
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php...
AtomShields Cli - Security Testing Framework For Repositories And Source Code
AtomShields Cli is a command-line interface for the AtomShields software. Installation: pip install atomshieldscli. Basic usage: ascli --target --name. The allowed action values are: install: to install a checker or a report, depending on the context set; uninstall: to uninstall a checker or a...
Incorrect Authentication Leading To Impersonation
Search Guard Kibana Plugin is susceptible to incorrect authentication. It is possible for a Kibana user to impersonate the kibanaserver user by submitting incorrect credentials and fulfilling the following conditions: 1) Kibana is configured to use Single-Sign-On as the authentication method, one of...
A vulnerability in the VBScript script handler in Internet Explorer allows an attacker to execute arbitrary code.
The vulnerability in the VBScript script handler in Internet Explorer exists due to errors in the handling of objects in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...
CVE-2019-17393
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP in cleartext that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and...
Authentication flaw
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP in cleartext that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and...