Lucene search
+L

16 matches found

bdu_fstec
bdu_fstec
added 2020/01/20 12:0 a.m.6 views

The vulnerability in the programming interface of the Windows CryptoAPI (Crypt32.dll) on Windows operating systems allows attackers to circumvent existing security restrictions and execute a type of “man-in-the-middle” attack.

The vulnerability of the Windows CryptoAPI Crypt32.dll programming interface on Windows operating systems is related to errors in authenticating ECC certificates. Exploiting this vulnerability allows a remote attacker to circumvent existing security restrictions and execute a type of...

9.4CVSS7.3AI score0.89436EPSS
Exploits14References3
exploitdb
exploitdb
added 2020/01/15 12:0 a.m.336 views

Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate

EDB Note Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47933.zip require 'openssl' raw = File.read "ca.crt" cacert = OpenSSL::X509::Certificate.newraw Parse public key from CA cakey = cacert.publickey if !cakey.instanceof? OpenSSL::PKey::EC then puts "...

7.4AI score
Exploits0
nvd
nvd
added 2020/01/14 11:15 p.m.28 views

CVE-2020-0601

A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...

8.1CVSS8.4AI score0.89436EPSS
Exploits14References4
prion
prion
added 2020/01/14 11:15 p.m.19 views

Spoofing

A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...

5.8CVSS7.9AI score0.89436EPSS
Exploits14References3Affected Software3
cvelist
cvelist
added 2020/01/14 11:11 p.m.53 views

CVE-2020-0601

A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...

8.2AI score0.89436EPSS
Exploits14References3
cve
cve
added 2020/01/14 11:11 p.m.1366 views

CVE-2020-0601

The CVE-2020-0601 issue affects Windows CryptoAPI (Crypt32.dll) and its ECC certificate validation, enabling a spoofing attack where a forged code-signing certificate could make malware appear trusted. Affected platforms include Windows 10 and Windows Server 2016/2019, with the vulnerability tied...

8.1CVSS7.6AI score0.89436EPSS
In wildExploits14References4Affected Software12
thn
thn
added 2020/01/14 6:40 p.m.7 views

Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA

After Adobe today releases its first Patch Tuesday updates for 2020, Microsoft has now also published its January security advisories warning billions of users of 49 new vulnerabilities in its various products. What's so special about the latest Patch Tuesday is that one of the updates fixes a...

8.1CVSS7.7AI score0.89436EPSS
Exploits14
thn
thn
added 2020/01/14 6:40 p.m.867 views

Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA

After Adobe today releases its first Patch Tuesday updates for 2020, Microsoft has now also published its January security advisories warning billions of users of 49 new vulnerabilities in its various products. What's so special about the latest Patch Tuesday is that one of the updates fixes a...

10CVSS0.5AI score0.89436EPSS
Exploits23
avleonov
avleonov
added 2020/01/14 6:2 p.m.161 views

Big Microsoft day: EOL for Win7, Win2008 and crypt32.dll

Big Microsoft day. End-of-life for Windows 7 desktops and Windows 2008 servers strictly speaking Windows Server 2008 R2. I think that today many security guys had a fun task to count how many host hosts with win7 and win2008 they still have in the organization. So, Asset Management is a necessity...

10CVSS0.2AI score0.89436EPSS
Exploits23
ptsecurity
ptsecurity
added 2020/01/14 12:0 a.m.11 views

PT-2020-1289

Name of the Vulnerable Software and Affected Versions Windows CryptoAPI Crypt32.dll versions prior to the fixed version Description A spoofing vulnerability exists in the way Windows CryptoAPI validates Elliptic Curve Cryptography ECC certificates. An attacker could exploit the vulnerability by...

9.4CVSS7.4AI score0.89436EPSS
Exploits14References91
nessus
nessus
added 2013/11/13 12:0 a.m.50 views

MS13-095: Vulnerability in Digital Signatures Could Allow Denial of Service (2868626)

The remote Windows host is affected by a denial of service vulnerability due to the way affected web services process specially crafted X.509 certificates. By exploiting this flaw, a remote, unauthenticated attacker could crash the affected service. C Tenable Network Security, Inc...

5CVSS5.5AI score0.17977EPSS
Exploits0References2
seebug
seebug
added 2006/10/24 12:0 a.m.12 views

Easy File Sharing FTP Server 2.0 (PASS) Remote Exploit (PoC)

No description provided by source. !/usr/bin/python Easy File Sharing FTP Server 2.0 PASS 0day PoC exploit Proof of Concept: execute calc.exe Bug found by h07 [email protected] Tested on XP SP2 polish Date: 28.07.2006 BUFFPASS + 0x20+0x2c+NOP 2571+0x41414141+\r\n EIP = 0x41414141 host = "127.0.0.1"...

7.1AI score
Exploits0
zdt
zdt
added 2006/08/21 12:0 a.m.27 views

Easy File Sharing FTP Server 2.0 (PASS) Remote Exploit (PoC)

Exploit for unknown platform in category remote exploits ============================================================ Easy File Sharing FTP Server 2.0 PASS Remote Exploit PoC ============================================================ !/usr/bin/python Easy File Sharing FTP Server 2.0 PASS 0day P...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2006/08/21 12:0 a.m.14 views

Easy File Sharing FTP Server 2.0 - PASS Remote

Easy File Sharing FTP Server 2.0 - PASS Remote !/usr/bin/python Easy File Sharing FTP Server 2.0 PASS 0day PoC exploit Proof of Concept: execute calc.exe Bug found by h07 Tested on XP SP2 polish Date: 28.07.2006 BUFFPASS + 0x20+0x2c+NOP 2571+0x41414141+\r\n EIP = 0x41414141 host = "127.0.0.1" por...

1AI score
Exploits0
exploitdb
exploitdb
added 2006/08/21 12:0 a.m.45 views

Easy File Sharing FTP Server 2.0 - 'PASS' Remote

!/usr/bin/python Easy File Sharing FTP Server 2.0 PASS 0day PoC exploit Proof of Concept: execute calc.exe Bug found by h07 Tested on XP SP2 polish Date: 28.07.2006 BUFFPASS + 0x20+0x2c+NOP 2571+0x41414141+\r\n EIP = 0x41414141 host = "127.0.0.1" port = 21 lenrecv = 1024 username = "anonymous"...

7AI score
Exploits0
cve
cve
added 2004/02/11 5:0 a.m.116 views

CVE-2003-0818

CVE-2003-0818 covers a heap-based overflow in the Microsoft ASN.1 library (MSASN1.DLL) used by Windows components (LSASS.EXE, CRYPT32.DLL) on Windows NT 4.0/2000/XP. The vulnerability affects BER decoding of ASN.1 data, with two vectors: (1) very large length fields overwriting heap data, and (2)...

7.5CVSS7.4AI score0.84008EPSS
Exploits4References12Affected Software4
Rows per page
Query Builder