377 matches found
CVE-2012-6579
CVE-2012-6579 concerns Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8: when GnuPG is enabled, remote attackers can configure encryption or signing for outbound e‑mail by sending a message to a queue address, potentially causing a deni...
CVE-2012-6580
CVE-2012-6580 affects Best Practical Solutions RT: RT 3.8.x before 3.8.15 and RT 4.0.x before 4.0.8, with GnuPG enabled. The issue is that the UI may not label unencrypted messages as unencrypted, which could allow remote attackers to spoof a message’s origin or interfere with encryption-policy a...
CVE-2012-6581
Best Practical Solutions RT: Affected versions are RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 with GnuPG enabled. The vulnerability lets remote attackers bypass restrictions on reading keys in the keyring and trigger outbound e‑mail messages signed by an arbitrary stored secret key by abusing ...
CVE-2012-6579
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address...
CVE-2012-6580
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditin...
CVE-2012-6581
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail...
CVE-2012-6578
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics...
Long range RFID hacking tool to be released at Black Hat
Out of necessity come many interesting inventions. A year ago, Fran Brown was working on a penetration test for an electric utility, assessing its SCADA network. His first challenge was to get inside the facility; in short, he had to break in. To do so, he decided to test t...
Request Tracker 3.8.x < 3.8.17 / 4.x < 4.0.13 Multiple Vulnerabilities
According to its self-reported version number, the Best Practical Solutions Request Tracker (RT) running on the remote web server is version 3.8.x prior to 3.8.17 or version 4.x prior to 4.0.13. It is, therefore, potentially affected by the following vulnerabilities: - A flaw exists that allows a...
RC4 encryption protocol is vulnerable to certain brute force attacks
Weaknesses in the RC4 encryption protocol have been found, allowing an attacker to deduce the plaintext. If the same message is encrypted many millions of times, statistical methods can be used to extract valuable information, such as cookies. Due to the time this amount of requests takes, this i...
Review : Hacking S3crets - beginners guide to practical hacking
Most people are curious to become hackers, but they do not know where to start. If you are in the same situation, then the "Hacking S3crets" book will guide you through the basic and advanced steps of hacking and will help you develop the hacker attitude. Author Sai Satish, and Co-Author K...
CVE-2012-2768
Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-2769
Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...
CVE-2012-2770
The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."...
DEBIAN-CVE-2012-2769
Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...