9971 matches found
CVE-2010-0271
Affected software: Sun OpenSolaris hald (SNV_51 to SNV_130). Vulnerability details: The hald process does not have the proc_audit privilege during unspecified attempts to write to the auditing log, enabling an attacker in physical proximity to evade detection of changes to the set of Hardware A...
TLS: MITM attacks via session renegotiation
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cis...
Network Weaknesses Exposed at 26C3 Berlin
At the 26th Chaos Communication Congress in Berlin, security researcher Fabian Yamaguchi demonstrated a number of vulnerabilities that can apparently be found in many average communication networks and affect all levels from the access layer to the application layer. Read the full article. The H...
StartTLS not enabled in Hitachi Storage Command Suite products
Overview: When a Hitachi Storage Command Suite product uses an LDAP directory server as the server to be used for external authentication, StartTLS won't be enabled even if it is specified as the connection protocol. Impact: StartTLS won't be enabled even if it is specified as the connection...
TLS: MITM attacks via session renegotiation
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cis...
TLS Renegotiation Vulnerability: Proof of Concept Code (Python)
Information about a vulnerability in the TLS protocol was published at the beginning of November 2009. Attackers can take advantage of that vulnerability to inject arbitrary prefixes into a network connection protected by TLS. This can result in severe vulnerabilities, depending on the applicatio...
Mozilla SSL spoofing with document.location and empty SSL response page
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty...
deprecate MD2 in SSL cert validation (Kaminsky)
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...
qpid: large messages cause crash when using digest-md5 and security layer
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use...
Theeta CMS (Cross Site Scripting SQL Injection) Multiple Vulnerabilities
No description provided by source. Theeta CMS Cross Site Scripting, SQL Injection Multiple Vulnerabilities...
Theeta CMS - Multiple Vulnerabilities
Theeta CMS Cross Site Scripting, SQL Injection Multiple Vulnerabilities Discovered By c0dy...
Theeta CMS (Cross Site Scripting,SQL Injection) Multiple
No description provided by source. Theeta CMS Cross Site Scripting, SQL Injection Multiple Vulnerabilities...
Theeta CMS (Cross Site Scripting,SQL Injection) Multiple Vulnerabilities
Theeta CMS Cross Site Scripting, SQL Injection Multiple Vulnerabilities Discovered By c0dy http://r00tDefaced.net Greetz:...
TLS Renegotiation (CVE-2009-3555)
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are cryptographic protocols that provide security for communications over networks. A spoofing vulnerability exists in multiple implementations of these protocols. The vulnerability is due to the flaw in the renegotiation aspect of the TLS...
VulnCheck KEV: CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier,...
OWASP Con Begets Top 10 Threats List
Injection attacks top the 2010 OWASP Top 10 list of Web application security threats, including SQL, OS, and LDAP injection, followed by cross-site scripting (XSS), broken authentication and session management, insecure direct object references, cross-site request forgery (CSRF), security...
deprecate MD2 in SSL cert validation (Kaminsky)
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...
TLS: MITM attacks via session renegotiation
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cis...
TLS: MITM attacks via session renegotiation
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cis...
Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability Advisory ID: cisco-sa-20091109-tls http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml Revision 1.0 For Public Release 2009 November 9 1600 UTC GMT Summary...