2073 matches found
CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0 (used in Outlook, Windows Live Mail, and Office 2007) performs CRL checks by using an arbitrary URL from a certificate embedded in an S/MIME email or a signed document via the Authority Information Access (AIA) extension. This allows remote attacke...
CVE-2008-2420
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates...
Design/Logic Flaw
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates...
CVE-2008-2420
CVE-2008-2420 affects stunnel’s OCSP search functionality (pre-4.24) where certificate revocation lists (CRLs) are not properly checked. This can let a remote attacker bypass access restrictions by presenting a revoked certificate, as described in multiple advisories; Mandriva notes updated packa...
MySQL improper permission revocation
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy...
Design/Logic Flaw
Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to...
CVE-2007-5796
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists...
rhcs CRL can get corrupted
Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to...
Moderate: Red Hat Security Advisory: rhpki-util, rhpki-common, rhpki-ca security update
Updated rhpki-util, rhpki-common, and rhpki-ca packages that fix a security issue are now available for Red Hat Certificate System 7.2. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Red Hat Certificate System (RHCS) is an enterprise software...
CVE-2007-4417
IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed...
Authentication flaw
IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed...
CVE-2007-4417
IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 are affected by CVE-2007-4417 due to improper revocation of privileges on methods. This vulnerability lets remote authenticated users execute a method after privileges have been revoked, until the routine auth cache is flushed. The issue conc...
Juniper Steel Belted RADIUS CRL access problem
Certificate revocation list download feature doesn't work...
Oracle 10g KUPM$MCP.MAIN SQL Injection Exploit
Exploit for multiple platforms in the remote exploits category. Oracle 10g KUPM$MCP.MAIN SQL Injection Exploit. #!/usr/bin/perl Remote Oracle KUPM$MCP.MAIN exploit 10g. Grant or revoke dba permission to...