15 matches found
False Security Confidence in Benign LLM Code Generation
Prior work has demonstrated that functionally correct yet vulnerable outputs arise systematically in threat-oriented settings, where adversarial or implicit channels are used to induce security failures in code agents and automated patching workflows. This note introduces a complementary but...
EUVD-2004-1085
Malware in sbrugna...
PYSEC-2020-97
In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the UR...
CVE-2019-10884
Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and crea...
Design/Logic Flaw
Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and crea...
CVE-2019-10884
Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and crea...
Private Web Browsing Is Mostly A Failure
Features in the four major browsers designed to cloak users’ browser history often don’t work as billed, according to a research paper that warns that users may get a false sense of security when using the built-in privacy settings. Read the full article. The Register...
CVE-2004-2091
Microsoft Baseline Security Analyzer MBSA 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security...
CVE-2004-1087
Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user...
CVE-2004-1087
Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user...
Sun Java Applet 1.x - Invocation Version Specification
source: https://www.securityfocus.com/bid/11757/info Java provides support for dynamic and static versioning when loading applets in the Java plug-in. This means that during the invocation of an applet, a user can request that a particular...
Sophos Anti-Virus 3.x - Reserved MS-DOS Name Scan Evasion
source: https://www.securityfocus.com/bid/11236/info Sophos Anti-Virus is affected by a reserved MS-DOS name virus scan evasion vulnerability. This issue is due to a design error that allows certain files to avoid being scanned. An attacker may leverage this issue to bypass the scanner protection...
Netgear RP114 3.26 - Content Filter Bypass
source: https://www.securityfocus.com/bid/10404/info It is reported that users may bypass Netgear RP114 content filter functionality. This can be accomplished by making a URI request string that is over 220 bytes in length. This vulnerability may result in a false sense of security for a network...
ProtWare HTML Guardian 6.x - Encryption
source: https://www.securityfocus.com/bid/7169/info A weakness has been reported in the encryption scheme used by ProtWare HTML Guardian. Specifically, the encryption scheme implemented obfuscates data using a simple bit shifting technique, making it trivial for attackers to reverse. Administrato...
Perl2Exe 1.0 95.0 26.0 - Code Obfuscation
source: https://www.securityfocus.com/bid/6909/info Perl2Exe obfuscates Perl source code using a reversible algorithm when converting it to an executable format. This occurs when the "encrypt" option is selected. Those who use Perl2Exe with the expectatio...