Lucene search
K

377 matches found

securityvulns
securityvulns
added 2013/06/05 12:0 a.m.36 views

python-httplib insufficient certificate validation

Certificate is only validated on first request...

2.6CVSS2.9AI score0.01324EPSS
Exploits1References1
NVD
NVD
added 2012/11/04 10:55 p.m.13 views

CVE-2012-5825

Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library...

5.8CVSS6.4AI score0.00597EPSS
Exploits1References2
OSV
OSV
added 2012/11/04 10:55 p.m.2 views

DEBIAN-CVE-2012-5825

Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library...

5.8CVSS6.9AI score0.00597EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2012/11/04 10:55 p.m.19 views

CVE-2012-5825

Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library...

5.8CVSS6AI score0.00597EPSS
Exploits1References2
Prion
Prion
added 2012/11/04 10:55 p.m.10 views

Code injection

Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library...

5.8CVSS7AI score0.00597EPSS
Exploits1References2
OSV
OSV
added 2012/11/04 10:55 p.m.2 views

UBUNTU-CVE-2012-5825

Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library...

5.8CVSS5.9AI score0.00597EPSS
Exploits1References3
Cvelist
Cvelist
added 2012/11/04 10:0 p.m.19 views

CVE-2012-5825

Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library...

6.3AI score0.00597EPSS
Exploits1References2
CVE
CVE
added 2012/11/04 10:0 p.m.40 views

CVE-2012-5825

CVE-2012-5825 : Affects Tweepy; does not verify that the server hostname matches the CN/subjectAltName in the SSL certificate when using the Python httplib library. This vulnerability can allow a man-in-the-middle to spoof an SSL server using an arbitrary valid certificate. The provided documents...

5.8CVSS6.5AI score0.00597EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2012/11/04 10:0 p.m.18 views

CVE-2012-5825

Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library...

5.8CVSS4.8AI score0.00597EPSS
Exploits1
myhack58
myhack58
added 2012/10/17 12:0 a.m.19 views

Struts2 remote code execution vulnerability detection principle and code level implementation-vulnerability warning-the black bar safety net

Laboratory evan-css analysis of the recent very fire of Struct2 vulnerability hole. Recently very fire the Struts2 vulnerability everyone should have heard of it, if you haven't heard it doesn't matter about this vulnerability can be described with a one-sentence summary: vulnerability is...

7.1AI score
Exploits0
0day.today
0day.today
added 2012/09/20 12:0 a.m.28 views

Thomson Wireless VoIP Cable Modem Auth Bypass

Exploit for hardware platform in category web applications Exploit Title: Thomson Wireless VoIP Cable Modem Auth Bypass Date: February 22, 2011 Authors: Glafkos Charalambous, George Nicolaou Product: TWG850-4 Wireless VoIP Cable Modem Software Version: ST9A.01.06 Severity: High Other...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2011/05/13 12:0 a.m.100 views

Oracle GlassFish Server管理控制台远程验证绕过漏洞

Bugtraq ID: 47818 CVE ID:CVE-2011-1511 Sun GlassFish Enterprise Server是一款构建和部署下一代应用程序和服务的开源和开放社区平台。 管理控制台允许通过HTTP TRACE方法无需验证进行访问,攻击者可以利用此漏洞绕过验证机制获得对某些信息的访问,如日志查看器或JDBC连接池属性信息 Sun Glassfish Enterprise Server 2.1.1 Oracle Glassfish Server 3.0.1 厂商解决方案 Oracle Glassfish Server 3.1已经修复此漏洞,建议用户下载使用:...

6.4CVSS6.4AI score0.14646EPSS
Exploits7
Packet Storm
Packet Storm
added 2011/04/12 12:0 a.m.29 views

Cisco Security Agent Management Console Command Execution

!/usr/bin/env python Exploits Cisco Security Agent Management Console ‘stupload’ CVE-2011-0364 gerry eisenhaur import httplib import mimetools import StringIO boundary = mimetools.chooseboundary hostuid = 'C087EFAE-05A2-4A0B-9512-E05E5ED84AEB' csamc = "192.168.0.108" we need to enable some...

10CVSS0.6AI score0.19617EPSS
Exploits9
Packet Storm
Packet Storm
added 2010/07/03 12:0 a.m.55 views

HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution

Exploit Title: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Date: 2010.07.02 Author: S2 Crew Hungary Software Link: hp.com Version: 7.53 Tested on: Windows 2003 CVE: CVE-2010-1554 Code : !/usr/bin/python import struct import socket import httplib import urllib calc.exe...

10CVSS0.3AI score0.67786EPSS
Exploits13
Packet Storm
Packet Storm
added 2010/06/29 12:0 a.m.30 views

MemCompany 1.0 Remote Denial Of Service

!/usr/bin/python Title: MemDb Multiple Remote Dos Products: MemCompany v1.0- Memdb Memory Database System v1.02- Memdb Online Survey Sistem v2006 Date: 28/06/2010 Author: Markot Advisory: http://www.corelan.be:8866/advisories.php?id=CORELAN-10-054 Platform: Windows XP sp3 En Greetz to: Corelan...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2009/11/23 12:0 a.m.23 views

PHP MultiPart For-Data Denial Of Service

PHP MultiPart Form-Data Denial of Service proof of concept, 23-10-2009 Bogdan Calin [email protected] import httplib, urllib, sys, string, threading from string import replace from urlparse import urlparse def usage: print "" print " PHP MultiPart Form-Data Denial of Service proof of concept"...

7.4AI score
Exploits0
0day.today
0day.today
added 2009/11/22 12:0 a.m.16 views

PHP MultiPart Form-Data Denial of Service PoC

Exploit for unknown platform in category web applications ============================================= PHP MultiPart Form-Data Denial of Service PoC ============================================= !/usr/bin/python PHP MultiPart Form-Data Denial of Service proof of concept, 23-10-2009 Bogdan Calin...

7.1AI score
Exploits0
Rows per page
Query Builder