957 matches found
Firefox / Konqueror / Safari certificate spoofing
The link between the certificate and the web site is not set if a certificate from an unknown certification authority is manually approved, making it possible to use the same certificate for a different site without warning...
CheckPoint Secure Platform Multiple Buffer Overflows
Hi all, we have published a paper about CheckPoint Firewall-1 vulnerabilities. The platform tested is the Secure Platform R60. We have found many buffer overflows. Most of them are located in command line utilities that can be exploited locally. A very few of them maybe can be exploited remotely,...
ScanAlert Security Advisory
ScanAlert Security Advisory http://www.scanalert.com Caucho Resin Multiple Vulnerabilities - Arbitrary File Access & Information Disclosure Date: 5/16/06 Vendor: Caucho Package: Resin Version: 3.0.17 and 3.0.18 – Vendor Confirmed Credit: ScanAlert’s Security and Enterprise Services Teams. Risk:...
[Full-disclosure] What's Up Professional Spoofing Authentication Bypass
What's Up Professional 2006 is vulnerable to a spoofing attack whereby the attacker can trick the application into thinking he/she is making a request from the console which is considered trusted. This attack will allow the attacker to bypass the authentication mechanism of the application and...
[SA17619] yaSSL Unspecified Certification Chain Processing Vulnerability
TITLE: yaSSL Unspecified Certification Chain Processing Vulnerability SECUNIA ADVISORY ID: SA17619 VERIFY ADVISORY: http://secunia.com/advisories/17619/ CRITICAL: Moderately critical IMPACT: Unknown WHERE: From remote SOFTWARE: yaSSL Library 1.x http://secunia.com/product/6145/ DESCRIPTION: A...
Low: Red Hat Security Advisory: vixie-cron security update
An updated vixie-cron package that fixes various bugs and a security issue is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specifie...
Cisco Secure ACS protection bypass
If EAP-TLS is used, the validity of the certification agency is not checked...
Mozilla certificate spoofing
Mozilla and Mozilla Firefox contain a flaw that may allow a malicious user to spoof SSL certification...
Re: BAD NEWS: Microsoft Security Bulletin MS03-032
The patch for Drew's object data=funky.hta doesn't work: This is the exact same issue as http://greymagic.com/adv/gm001-ie/, which explains the problem in detail. Microsoft again patches the object element in HTML, but it doesn't patch the dynamic version of that same element. 1. Disable Active...
Full Disclosure: Windows File Protection Arbitrary Certificate Chain Vulnerability
SECURITY ALERT Windows File Protection Arbitrary Certificate Chain Vulnerability December 26, 2002 Full Disclosure, [email protected] and others December 24, 2002 Private Disclosure Jason Coombs [email protected]...
Immunity Canvas: APACHECHUNK_WIN32
Name: apachechunkwin32; CVE: CVE-2002-0392; Exploit Pack: CANVAS; Description: Apache Chunk win32; Notes: References: http://www.apache.org CVE Name: CVE-2002-0392 VENDOR: Apache Notes: Apache 1.3 through 1.3.24 Repeatability: Multiple tries Date public: 06/17/2002 CERT Advisory:...
IE fails to check certificates properly if initial SSL connection originates in an IFRAME or Image
Overview Several flaws exist in Microsoft Internet Explorer that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. These problems are different from the problems reported in CERT Advisory CA-2000-05 and CERT...
Linux news 19.09.00
Linux 2.2.18pre9 Alan Cox has released a new pre-release of the next stable Linux kernel: 2.2.18pre9. This version fixes NFS support and adds NFSv3 support, brings over some USB drivers from Linux 2.4, and more. Details:...
"Kaspersky Anti-Virus" receives Trojan Checkmark certificate
No description provided...
icsa.certified.weak.crypto.txt
Date: Thu, 27 May 1999 00:24:26 -0700 From: Lucky Green To: [email protected] Subject: ICSA certifies weak crypto as secure I am becoming concerned about the apparent lack of professional competence within even well-known segments of the security community. I hope the incident I discovered is ...
ROS-2-3469
2.3469 Notification on the update of the Red OS OPERATIONAL SYSTEM MIS RED SOFT LLC notifies of the renewal of the previously obtained certificate of conformity of FSTEC of Russia 4060 until 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the...
ROS-2-4247
2.4247 Notification on the update of the Red OS OPERATIONAL SYSTEM MIS RED SOFT LLC notifies of the renewal of the previously obtained certificate of conformity of FSTEC of Russia 4060 until 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the...