EUVD-2008-5103

Malware in sbrugna...

Code injection

JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks...

CVE-2008-5124

JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks...

CVE-2008-5124

JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks...

JSCAPE Secure FTP Applet主机密钥验证绕过安全限制漏洞

BUGTRAQ ID: 29882 Secure FTP Applet是运行在WEB浏览器中的的FTP客户端组件。 Secure FTP Applet在处理数据连接时存在漏洞，在连接期间Applet没有正确地验证或显示主机密钥，这允许攻击者通过中间人攻击劫持会话，从而完全入侵FTP客户端。 JSCAPE Secure FTP Applet 4.8 JSCAPE ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.jscape.com/sftpapplet/index.html...

Jscape Secure FTP Applet sessions spoofing

SSH key is not checked...

n.runs-SA-2008.001 - Jscape Secure FTP Applet

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2008.001 23-June-2008 Vendor: Jscape, http://www.jscape.com/ Affected Products: Jscape Secure FTP Applet http://www.jscape.com/sftpapplet/index.html Vulnerability: SSH Host key is not verified allowing for Man in the Middle attacks Ris...