2076 matches found
CVE-2007-4417
IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 are affected by CVE-2007-4417 due to improper revocation of privileges on methods. This vulnerability lets remote authenticated users execute a method after privileges have been revoked, until the routine auth cache is flushed. The issue conc...
Juniper Steel Belted RADIUS CRL access problem
Certificate revocation list download feature doesn't work...
Oracle 10g KUPM$MCP.MAIN SQL Injection Exploit
Exploit for multiple platform in category remote exploits. Oracle 10g KUPM$MCP.MAIN SQL Injection Exploit !/usr/bin/perl Remote Oracle KUPM$MCP.MAIN exploit 10g Grant or revoke dba permission to...
Authorization
Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via...
CVE-2007-1526
Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via...
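Sun Java System Web Server Certificate Revocation Access Control Bypass Vulnerability
Sun Java System Application Server and Web Server are both application servers compatible with the J2EE platform. A security vulnerability in Sun Java System Web Server may allow local or remote users to obtain authorized access to certain web server instances. If a secure web server instance was created through the admin server as a non-root instance and the admin server is configured to run with root privileges, this vulnerability may allow users with revoked client certificates to access the web server instance under certain conditions, even if a valid certificate revocation list (CRL) file has been installed for that instance. The vulnerability affects a host only when both of the following conditions are met: 1 It contains a certificate revocation list (CRL) that meets certain criteria 2...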
oracledmgd-sql.txt
!/usr/bin/perl Remote Oracle DBMSMETADAT.GETDDL exploit 9i/10g Grant or revoke dba permission to unprivileged user Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" REF: http://www.securityfocus.com/bid/16287 AUTHOR: Andrea "bunker" Purificato http://rawlab.mindcreations.com...
MySQL improper permission revocation
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy...
Oracle 9i/10g DBMS_EXPORT_EXTENSION SQL Injection Exploit
Exploit for multiple platform in category remote exploits. Oracle 9i/10g DBMS_EXPORT_EXTENSION SQL Injection Exploit !/usr/bin/perl Remote Oracle dbms_export_extension exploit any versio...
CVE-2006-6967
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration CCE. In addition, it describes...
CheckPoint FireWall-1 information leak
It's possible to retrieve the certificate revocation list from the internal CA port TCP/18246...
Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service fails to properly retrieve certificate revocation lists
Overview: The Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service is unable to retrieve certificate revocation lists on systems that are configured to use an HTTP proxy. This vulnerability may result in the use of revoked certificates. Description: The Online Certificate...
CVE-2006-4409
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 does not properly retrieve certificate revocation lists (CRLs) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked...
CVE-2006-4410
The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRLs), which allows remote attackers to access systems by using revoked certificates...
CVE-2006-4409
The CVE-2006-4409 issue is concrete: OCSP in Apple Mac OS X Security Framework could fail to retrieve CRLs when a system uses an HTTP proxy (affecting Mac OS X 10.4 to 10.4.8). This could allow revoked certificates to be accepted by the system. The vulnerability pertains to the OCSP service, and ...
CVE-2006-4410
The CVE-2006-4410 entry affects Apple Mac OS X where the Security Framework in 10.3.9 and 10.4.x (before 10.4.7) does not properly search certificate revocation lists (CRLs). This allows remote attackers to authenticate with revoked certificates, potentially compromising system access. Public ref...
CORE-2006-0124: Cross-Site Scripting in Verisign’s haydn.exe CGI script
Core Security Technologies - Corelabs Advisory http://www.coresecurity.com/corelabs/ Cross-Site Scripting in Verisign’s haydn.exe CGI script Date Published: 2006-03-20 Last Update: 2006-03-20 Advisory ID: CORE-2006-0124 Bugtraq ID: None currently assigned CVE Name: None currently assigned Title:...