Lucene search
K

720 matches found

CISA
CISA
added 2012/09/28 12:0 a.m.16 views

Adobe Releases Security Bulletin About Code Signing Certificate

Adobe has released a security bulletin to address an issue with a current Adobe code signing certificate. The certificate to be revoked has been used to sign malicious code. The certificate will be revoked on October 4, 2012 for all software code signed after July 10, 2012. Adobe is issuing a new...

7AI score
Exploits0References1
ThreatPost
ThreatPost
added 2012/09/27 9:6 p.m.18 views

Valid Adobe Certificate Used to Sign Malicious Utilities Common in Targeted Attacks

Adobe announced today it was the victim of an APT-style attack after two malicious utilities commonly used in targeted attacks for privilege escalation and pivoting within a network were discovered signed by a valid Adobe digital certificate. Adobe said it will revoke the certificate next week...

0.6AI score
Exploits0References2
exploitpack
exploitpack
added 2012/08/27 12:0 a.m.12 views

Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042)

Microsoft Windows Kernel - Intel x64 SYSRET MS12-042 Source: http://packetstormsecurity.org/files/115908/sysret.rar This is proof of concept code that demonstrates the Microsoft Windows kernel Intel/x64 SYSRET vulnerability as described in MS12-042. The shellcode disables code signing and will...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2012/08/27 12:0 a.m.50 views

Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042)

Source: http://packetstormsecurity.org/files/115908/sysret.rar This is proof of concept code that demonstrates the Microsoft Windows kernel Intel/x64 SYSRET vulnerability as described in MS12-042. The shellcode disables code signing and will grant NT SYSTEM privileges to a specified application o...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.15 views

Scientific Linux Security Update : nss on SL4.x, SL5.x, SL6.x i386/x86_64

Network Security Services NSS is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority CA issued HTTPS certificates with weak keys. This update renders an...

5.6AI score
Exploits0References1
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.21 views

CentOS Update for nss CESA-2011:1444 centos4 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5.3AI score
Exploits0References2
ThreatPost
ThreatPost
added 2012/06/06 7:32 p.m.21 views

Microsoft Details Flame Hash-Collision Attack

The details of the collision attack used by the Flame malware authors to create a forged code-signing certificate for Microsoft code are beginning to emerge, and the company said that the attackers used an MD5 hash collision specifically to ensure that their attack would work on machines running...

2.2AI score
Exploits0References4
securityvulns
securityvulns
added 2012/06/06 12:0 a.m.130 views

US-CERT Alert TA12-156A -- Microsoft Windows Unauthorized Digital Certificates

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA12-156A Microsoft Windows Unauthorized Digital Certificates Original release date: June 04, 2012 Last revised: -- Source: US-CERT Systems Affected All supported versions of Microsoft Windows...

0.2AI score
Exploits0
ThreatPost
ThreatPost
added 2012/06/05 11:46 a.m.11 views

Flame Attackers Used Collision Attack to Forge Microsoft Certificate

The attackers behind the Flame malware used a collision attack against a cryptographic algorithm as part of the method for gaining a forged certificate to sign specific components of the attack tool. Microsoft officials said on Tuesday that it’s imperative for customers to install the update issu...

1.9AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/06/04 12:0 a.m.32 views

MS KB2718704: Unauthorized Digital Certificates Could Allow Spoofing (deprecated)

The remote host is missing KB2718704, which updates the system's SSL certificate blacklist. Certificates issued by the Microsoft Terminal Services licensing certification authority can be used to sign code as Microsoft. An attacker could exploit this to spoof content or perform man-in-the-middle...

Exploits0References3
ThreatPost
ThreatPost
added 2012/05/31 5:54 p.m.10 views

Apple Details iOS Security Features in New Guide

Apple has released a detailed security guide for its iOS operating system, an unprecedented move for a company known for not discussing the technical details of its products, let alone the security architecture. The document lays out the system architecture, data protection capabilities and netwo...

0.1AI score
Exploits0References4
securityvulns
securityvulns
added 2012/02/15 12:0 a.m.48 views

NX Web Companion Spoofing Arbitrary Code Execution Vulnerability

Vuln Title: NX Web Companion Spoofing Arbitrary Code Execution Vulnerability Date: 25.01.2012 Author: otr Software Link: http://www.nomachine.com/documents/plugin/install.php Version: = 3.x Tested on: Linux, Windows, Mac OS X x86, Mac OS X PPC, Solaris CVE : None, yet Summary The No Machine NX We...

1.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/02/14 12:0 a.m.34 views

Apple iOS < 5.0.1 Multiple Vulnerabilities

Binary data appleios501check.nbin...

9.3CVSS7.8AI score0.05329EPSS
Exploits5References6
Hewlett-Packard
Hewlett-Packard
added 2011/11/28 12:0 a.m.43 views

HPSBPI02728 SSRT100692 rev.7 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default

Potential Security Impact Remote firmware update enabled by default VULNERABILITY SUMMARY In November, 2011, a potential security vulnerability was identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware...

10CVSS1.7AI score0.13953EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/11/28 12:0 a.m.18 views

Fedora 14 : nss-3.12.10-7.fc14 (2011-15586)

This security update revokes trust in DigiCert Sdn. Bhd Intermediate Certificate Authority from NSS - rhbz751674 It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority CA issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed...

5.5AI score
Exploits0References2
Amazon
Amazon
added 2011/11/19 12:0 a.m.10 views

Medium: nss

Issue Overview: It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority CA issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and co...

7.2AI score
Exploits0References1
ThreatPost
ThreatPost
added 2011/11/11 4:45 p.m.23 views

Apple Releases iOS Patch Fixing Flaw That Led to Charlie Miller's Expulsion

Apple shipped an update to their IOS mobile platform on Thursday that included patches for a number of security vulnerabilities, including a resolution for a vulnerability that led to the expulsion of renowned security researcher, Charlie Miller, from Apple’s developer program. As reported by...

Exploits0References8
OpenVAS
OpenVAS
added 2011/11/11 12:0 a.m.19 views

RedHat Update for nss RHSA-2011:1444-01

Check for the Version of nss OpenVAS Vulnerability Test RedHat Update for nss RHSA-2011:1444-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

7.4AI score
Exploits0References2
OpenVAS
OpenVAS
added 2011/11/11 12:0 a.m.17 views

CentOS Update for nss CESA-2011:1444 centos4 i386

Check for the Version of nss OpenVAS Vulnerability Test CentOS Update for nss CESA-2011:1444 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

7.4AI score
Exploits0References2
OpenVAS
OpenVAS
added 2011/11/11 12:0 a.m.14 views

RedHat Update for nss RHSA-2011:1444-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.5AI score
Exploits0References2
Rows per page
Query Builder