7 matches found
EUVD-2012-5957
Malware in sbrugna...
CVE-2014-2576
This CVE concerns Claws Mail’s RSSYL integration: plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN/SAN host names, enabling easier server spoofing and MITM attacks. The vulnerability affects the SSL/TLS hostname verification path and can impact con...
CVE-2013-6422
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM)...
Code injection
repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...
CVE-2012-6087
repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...
CVE-2012-6087
CVE-2012-6087 affects Moodle’s repository/s3/S3.php in affected Moodle branches (up to 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, 2.5.x before 2.5.2). The issue is that the code does not verify that the server hostname matches the CN or SAN in the SSL certificate, allowing MITM attackers to ...
CVE-2006-4499
CVE-2006-4499 affects ModernBill 5.0.4 and earlier. The root cause is insecure cURL SSL settings (CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST) that do not verify certificates, allowing remote attackers to read network traffic via a MITM. The connected documents confirm the MITM risk and tra...