859 matches found
TLS: MITM attacks via session renegotiation
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...
TLS: MITM attacks via session renegotiation
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...
TLS: MITM attacks via session renegotiation
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...
AST-2010-002: Dialplan injection vulnerability
Asterisk Project Security Advisory - AST-2010-002 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Dialplan injection vulnerability |...
SSL data injection
Data injection possibility connected with SSL in-session renegotiation...
OpenSSL -- Remote Data Injection / DoS
Applications that use SSLMODERELEASEBUFFERS, such as nginx, are prone to a race condition which may allow a remote attacker to inject random data into other connections...
CVE-2009-3796
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."...
Design/Logic Flaw
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."...
CVE-2009-3796
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."...
CVE-2009-3796
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."...
CVE-2009-3796
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 are affected by CVE-2009-3796 (data injection vulnerability) that could allow remote code execution via unspecified vectors. Red Hat advisories RHSA-2009:1657/1658 and related summaries indicate upgrading Flash to 10.0.42.34 as remed...
flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."...
flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."...
Adobe Zaps Dangerous Flash Player Bugs
Adobe has shipped a critical Flash Player update to fix at least seven documented security vulnerabilities that expose nearly every computer user to dangerous hacker attacks. The Flash Player 10.0.42.34 update is available for all platforms Windows, Linux and Mac OS X. Here are the raw details:...
Adobe AIR < 1.5.3 Multiple Vulnerabilities (APSB09-19)
Binary data 5256.prm...
Flash Player < 9.0.260 / 10.0.42.34 Multiple Vulnerabilities (APSB09-19)
The remote Windows host contains a version of Adobe Flash Player that is earlier than 9.0.260 or 10.0.42.34. Such versions are potentially affected by multiple vulnerabilities : - A vulnerability in the parsing of JPEG data could lead to code execution. CVE-2009-3794 - A data injection...
Adobe AIR < 1.5.3 Multiple Vulnerabilities (APSB09-19)
The remote Windows host contains a version of Adobe AIR that is earlier than 1.5.3. Such versions are potentially affected by multiple vulnerabilities : - A vulnerability in the parsing of JPEG data could lead to code execution. CVE-2009-3794 - A data injection vulnerability could lead to code...
CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...
Sguil/PADS - Remote Server Crash
Sguil/PADS Denial of Service exploit by Ataraxia Benjamin Rose Public announcement made 7/15/09. Please visit http://allmybase.com/ my blog for more up-to-date information, and a quick patch. More in-depth article available at: http://allmybase.com/?p=72 This more in-depth article does include...
Stack overflow
Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family aka RTworks before 4.0.5, and Enterprise Message Service EMS 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server aka RTserver, SmartSockets client libraries and add-on products, RTworks...