Lucene search
K

956 matches found

Tenable Nessus
Tenable Nessus
added 2014/06/18 12:0 a.m.68 views

IBM DB2 9.7 < Fix Pack 9a Multiple Vulnerabilities

According to its version, the installation of DB2 9.7 running on the remote host is prior to Fix Pack 9a. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists related to handling malformed certificate chains that allows denial of service...

8.5CVSS6.9AI score0.03077EPSS
Exploits1References8
Metasploit
Metasploit
added 2014/05/04 1:4 a.m.48 views

Adobe Flash Player Integer Underflow Remote Code Execution

This module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the context of th...

9.8CVSS10AI score0.99883EPSS
Exploits7
NVD
NVD
added 2014/04/30 10:49 a.m.20 views

CVE-2014-0363

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

5.8CVSS5.7AI score0.0123EPSS
Exploits0References7
CVE
CVE
added 2014/04/30 10:0 a.m.74 views

CVE-2014-0363

CVE-2014-0363 affects Ignite Realtime Smack XMPP API: ServerTrustManager fails to verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, enabling MITM spoofing of servers and potential data leakage. The vulnerability is in the Smack API prior to 4.0.0-rc1. Remed...

5.8CVSS8.5AI score0.0123EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2014/04/30 10:0 a.m.36 views

CVE-2014-0363

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

5.5AI score0.0123EPSS
Exploits0References7
NVD
NVD
added 2014/03/25 1:25 p.m.21 views

CVE-2014-0628

The server in EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service daemon crash via unspecified vectors...

5CVSS6.6AI score0.01075EPSS
Exploits1References1
Cvelist
Cvelist
added 2014/03/25 1:0 a.m.26 views

CVE-2014-0628

The server in EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service daemon crash via unspecified vectors...

6.6AI score0.01075EPSS
Exploits1References1
myhack58
myhack58
added 2014/03/01 12:0 a.m.15 views

On the use of Adobe 0day – CVE-2 0 1 4-0 5 0 2 attack behavior analysis-vulnerability warning-the black bar safety net

The other day FireEye released a use AdobeFlash new 0day attack report, and Adobe has been based on vulnerabilities released a security update. According to FireEye report, many sites will redirect visitors to the following contain a Trojan the malicious Server: Peterson Institute for...

7.6AI score
Exploits0
Packet Storm
Packet Storm
added 2013/02/17 12:0 a.m.41 views

Photodex ProShow Producer 5.0.3297 Buffer Overflow

Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Photodex ProShow Producer Vendor URL: www.photodex.com Type: Stack-based Buffer Overflow CWE-121 Date found: 2013-02-16 Date published: 2013-02-16 CVSSv2 Score: 6,8 AV:N/AC:M/Au:N/C:P/I:P/A:P...

0.5AI score
Exploits0
ThreatPost
ThreatPost
added 2012/10/26 4:30 p.m.12 views

IP Theft, Supply Chain Security Major Worries for Government, Former Cybersecurity Czar Says

ANAHEIM, CALIF.–The theft of intellectual property through attacks on U.S. networks, both government-owned and private, has become one of the major concerns for officials at the top level of the federal government, not just among security staffs, but at the upper echelons of the White House and...

7.1AI score
Exploits0References2
ThreatPost
ThreatPost
added 2012/04/10 11:53 a.m.17 views

Google Fixes SSL Certificate Error in Chrome

Google has released an update for Chrome that repairs a problem when users attempt to connect to sites over HTTPS. In some instances, the browser will return an error messages that tells the user that the requested site’s server certificate is invalid even when that’s not the case. Some users hav...

0.5AI score
Exploits0References2
Packet Storm
Packet Storm
added 2011/11/23 12:0 a.m.57 views

Wireshark 1.4.4 DECT Dissector Buffer Overflow

!/usr/bin/env python -- coding: iso-8859-15 -- a = """ \n\t-- CVE: 2011-1591 : Wireshark = 2.5 For any comments, remarks, news, please mail me : ipv at team . net \n""" import sys, struct if sys.versioninfo = 2, 5: from scapy.all import else: from scapy import align def xv: return struct.pack"I",...

9.3CVSS0.7AI score0.41744EPSS
Exploits18
exploitpack
exploitpack
added 2011/11/22 12:0 a.m.25 views

Wireshark 1.4.4 - DECT Dissector Remote Buffer Overflow

Wireshark 1.4.4 - DECT Dissector Remote Buffer Overflow !/usr/bin/env python -- coding: iso-8859-15 -- a = """ \n\t-- CVE: 2011-1591 : Wireshark = 2.5 For any comments, remarks, news, please mail me : ipv at team . net \n""" import sys, struct if sys.versioninfo = 2, 5: from scapy.all import else...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2011/11/22 12:0 a.m.40 views

Wireshark 1.4.4 - DECT Dissector Remote Buffer Overflow

!/usr/bin/env python -- coding: iso-8859-15 -- a = """ \n\t-- CVE: 2011-1591 : Wireshark = 2.5 For any comments, remarks, news, please mail me : ipv at team . net \n""" import sys, struct if sys.versioninfo = 2, 5: from scapy.all import else: from scapy import align def xv: return struct.pack"I",...

7.4AI score
Exploits0
Fedora
Fedora
added 2011/09/13 6:9 a.m.25 views

[SECURITY] Fedora 16 Update: rsyslog-5.8.5-1.fc16

Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up,...

5CVSS1.5AI score0.20759EPSS
Exploits2
EUVD
EUVD
added 2011/08/29 8:0 p.m.6 views

EUVD-2011-0254

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an...

7.5CVSS5.7AI score0.06387EPSS
Exploits1References10
securityvulns
securityvulns
added 2010/09/10 12:0 a.m.85 views

Mozilla Foundation Security Advisory 2010-59

Mozilla Foundation Security Advisory 2010-59 Title: SJOW creates scope chains ending in outer object Impact: Critical Announced: September 7, 2010 Reporter: Blake Kaplan Products: Firefox, Thunderbird Fixed in: Firefox 3.6.9 Thunderbird 3.1.3 Description Mozilla developer Blake Kaplan reported th...

6.8CVSS0.8AI score0.02024EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/09/09 12:0 a.m.38 views

FreeBSD : mozilla -- multiple vulnerabilities (4a21ce2c-bb13-11df-8e32-000f20797ede)

The Mozilla Project reports : MFSA 2010-49 Miscellaneous memory safety hazards rv:1.9.2.9/ 1.9.1.12 MFSA 2010-50 Frameset integer overflow vulnerability MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array MFSA 2010-52 Windows XP DLL loading vulnerability MFSA 2010-53 Heap buffer...

9.3CVSS9.3AI score0.22109EPSS
Exploits1References31
RedHat Linux
RedHat Linux
added 2010/09/08 12:24 a.m.3 views

Mozilla SJOW creates scope chains ending in outer object (MFSA 2010-59)

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper aka SJOW implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrom...

6.8CVSS7.7AI score0.02024EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2010/09/08 12:0 a.m.39 views

Firefox 3.6.x < 3.6.9 Multiple Vulnerabilities

Binary data 800747.prm...

9.3CVSS9.7AI score0.22109EPSS
Exploits2References31
Rows per page
Query Builder