377 matches found
python-httplib insufficient certificate validation
Certificate is only validated on first request...
CVE-2012-5825
Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library...
DEBIAN-CVE-2012-5825
Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library...
CVE-2012-5825
Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library...
Code injection
Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library...
UBUNTU-CVE-2012-5825
Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library...
CVE-2012-5825
Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library...
CVE-2012-5825
CVE-2012-5825 : Affects Tweepy; does not verify that the server hostname matches the CN/subjectAltName in the SSL certificate when using the Python httplib library. This vulnerability can allow a man-in-the-middle to spoof an SSL server using an arbitrary valid certificate. The provided documents...
CVE-2012-5825
Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library...
Struts2 remote code execution vulnerability detection principle and code level implementation-vulnerability warning-the black bar safety net
Laboratory evan-css analysis of the recent very fire of Struct2 vulnerability hole. Recently very fire the Struts2 vulnerability everyone should have heard of it, if you haven't heard it doesn't matter about this vulnerability can be described with a one-sentence summary: vulnerability is...
Thomson Wireless VoIP Cable Modem Auth Bypass
Exploit for hardware platform in category web applications Exploit Title: Thomson Wireless VoIP Cable Modem Auth Bypass Date: February 22, 2011 Authors: Glafkos Charalambous, George Nicolaou Product: TWG850-4 Wireless VoIP Cable Modem Software Version: ST9A.01.06 Severity: High Other...
Oracle GlassFish Server管理控制台远程验证绕过漏洞
Bugtraq ID: 47818 CVE ID:CVE-2011-1511 Sun GlassFish Enterprise Server是一款构建和部署下一代应用程序和服务的开源和开放社区平台。 管理控制台允许通过HTTP TRACE方法无需验证进行访问,攻击者可以利用此漏洞绕过验证机制获得对某些信息的访问,如日志查看器或JDBC连接池属性信息 Sun Glassfish Enterprise Server 2.1.1 Oracle Glassfish Server 3.0.1 厂商解决方案 Oracle Glassfish Server 3.1已经修复此漏洞,建议用户下载使用:...
Cisco Security Agent Management Console Command Execution
!/usr/bin/env python Exploits Cisco Security Agent Management Console ‘stupload’ CVE-2011-0364 gerry eisenhaur import httplib import mimetools import StringIO boundary = mimetools.chooseboundary hostuid = 'C087EFAE-05A2-4A0B-9512-E05E5ED84AEB' csamc = "192.168.0.108" we need to enable some...
HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution
Exploit Title: HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution Date: 2010.07.02 Author: S2 Crew Hungary Software Link: hp.com Version: 7.53 Tested on: Windows 2003 CVE: CVE-2010-1554 Code : !/usr/bin/python import struct import socket import httplib import urllib calc.exe...
MemCompany 1.0 Remote Denial Of Service
!/usr/bin/python Title: MemDb Multiple Remote Dos Products: MemCompany v1.0- Memdb Memory Database System v1.02- Memdb Online Survey Sistem v2006 Date: 28/06/2010 Author: Markot Advisory: http://www.corelan.be:8866/advisories.php?id=CORELAN-10-054 Platform: Windows XP sp3 En Greetz to: Corelan...
PHP MultiPart For-Data Denial Of Service
PHP MultiPart Form-Data Denial of Service proof of concept, 23-10-2009 Bogdan Calin [email protected] import httplib, urllib, sys, string, threading from string import replace from urlparse import urlparse def usage: print "" print " PHP MultiPart Form-Data Denial of Service proof of concept"...
PHP MultiPart Form-Data Denial of Service PoC
Exploit for unknown platform in category web applications ============================================= PHP MultiPart Form-Data Denial of Service PoC ============================================= !/usr/bin/python PHP MultiPart Form-Data Denial of Service proof of concept, 23-10-2009 Bogdan Calin...