12 matches found
CVE-2014-7598
The Poker Puzzle (aka com.sharpiq.pokerpuzzle) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7430
The Flood-It (aka com.appspot.eoltek.flood) application 4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7354
The Penumbra eMag (aka com.magzter.penumbraemag) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6824
The kamkomesan (aka com.anek.kamkomesan) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix
It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...
python: hostname check bypassing vulnerability in SSL module
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...
Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerability (2718704)
The host is installed with the Microsoft Windows operating system and is prone to a digital certificate spoofing vulnerability. OpenVAS Vulnerability Test $Id: gbunauthdigitalcertspoofingvuln.nasl 5341 2017-02-18 16:59:12Z cfi $ Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerabilit...
CVE-2010-1194
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...
PHP multiple security vulnerabilities
Certificate spoofing, memory corruption in image parsing, information leakage...
xmltooling / opensaml / Shibboleth multiple security vulnerabilities
Certificate spoofing, memory corruption...
CVE-2001-1568
The CVE-2001-1568 issue affects the CMG WAP gateway, where the system fails to verify the fully qualified domain name in the URL against X.509 certificates issued by root CAs. This hostname verification gap enables remote attackers to perform a man-in-the-middle attack to spoof SSL certificates, ...
DEBIAN-CVE-2005-0238
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks...