
2076 matches found

CVE
added 2007/08/18 9:0 p.m., 51 views

CVE-2007-4417

IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 are affected by CVE-2007-4417 due to improper revocation of privileges on methods. This vulnerability lets remote authenticated users execute a method after privileges have been revoked, until the routine auth cache is flushed. The issue conc...

6 CVSS, 6.4 AI score, 0.01343 EPSS
Exploits 0, References 9, Affected Software 1
securityvulns
added 2007/06/28 12:0 a.m., 28 views

Juniper Steel Belted RADIUS CRL access problem

Certificate revocation list download feature doesn't work...

2.1 AI score
Exploits 0, References 1, Affected Software 1
0day.today
added 2007/03/27 12:0 a.m., 20 views

Oracle 10g KUPM$MCP.MAIN SQL Injection Exploit

Exploit for multiple platforms in the remote exploits category. Oracle 10g KUPM$MCP.MAIN SQL Injection Exploit. #!/usr/bin/perl Remote Oracle KUPM$MCP.MAIN exploit 10g Grant or revoke dba permission to...

7.1 AI score
Exploits 0
Prion
added 2007/03/20 8:19 p.m., 23 views

Authorization

Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via...

6 CVSS, 6.4 AI score, 0.00908 EPSS
Exploits 0, References 5, Affected Software 1
NVD
added 2007/03/20 8:19 p.m., 16 views

CVE-2007-1526

Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via...

6 CVSS, 6.2 AI score, 0.00908 EPSS
Exploits 0, References 5
Cvelist
added 2007/03/20 8:0 p.m., 23 views

CVE-2007-1526

Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via...

6.2 AI score, 0.00908 EPSS
Exploits 0, References 5
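seebug.org
added 2007/03/16 12:0 a.m., 20 views

Sun Java System Web Server certificate revocation access control bypass vulnerability

Sun Java System Application Server and Web Server are application servers compatible with the J2EE platform. A security vulnerability in Sun Java System Web Server may allow local or remote users to gain authorized access to certain Web server instances. If a secure Web server instance was created through the admin server as a non-root instance and the admin server is configured to run with root privileges, this vulnerability may allow users with revoked client certificates to access the Web server instance under certain conditions, even if a valid Certificate Revocation List (CRL) file has been installed for that instance. The vulnerability affects a host only when both of the following conditions are met: 1. A Certificate Revocation List (CRL) meeting certain criteria is present 2...

7.1 AI score
Exploits 0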
Packet Storm
added 2007/02/24 12:0 a.m., 27 views

oracledmgd-sql.txt

#!/usr/bin/perl Remote Oracle DBMSMETADAT.GETDDL exploit 9i/10g. Grant or revoke dba permission to unprivileged user. Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0". REF: http://www.securityfocus.com/bid/16287 AUTHOR: Andrea "bunker" Purificato http://rawlab.mindcreations.com...

7.4 AI score
Exploits 0
RedHat Linux
added 2007/02/19 7:41 p.m., 3 views

MySQL improper permission revocation

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy...

2.1 CVSS, 7.3 AI score, 0.0174 EPSS
Exploits 1, References 4
0day.today
added 2007/02/05 12:0 a.m., 22 views

Oracle 9i/10g DBMS_EXPORT_EXTENSION SQL Injection Exploit

Exploit for multiple platforms in the remote exploits category. Oracle 9i/10g DBMS_EXPORT_EXTENSION SQL Injection Exploit. #!/usr/bin/perl Remote Oracle dbmsexportextension exploit any versio...

7.1 AI score
Exploits 0
ATTACKERKB
added 2007/02/04 12:28 a.m., 2 views

CVE-2006-6967

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). In addition, it describes...

5.8 AI score
Exploits 0, References 1
securityvulns
added 2007/02/04 12:0 a.m., 46 views

CheckPoint FireWall-1 information leak

It's possible to retrieve the certificate revocation list from the internal CA port TCP/18246...

2.1 AI score
Exploits 0
CERT
added 2006/12/04 12:0 a.m., 30 views

Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service fails to properly retrieve certificate revocation lists

Overview: Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service is unable to retrieve certificate revocation lists on systems that are configured to use an HTTP proxy. This vulnerability may result in the use of revoked certificates. Description: The Online Certificate...

5 CVSS, 5.7 AI score, 0.01538 EPSS
Exploits 2, References 2
NVD
added 2006/11/30 4:28 p.m., 24 views

CVE-2006-4409

The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 fails to retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked...

5 CVSS, 6.1 AI score, 0.01538 EPSS
Exploits 2, References 9
NVD
added 2006/11/30 4:28 p.m., 15 views

CVE-2006-4410

The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates...

7.5 CVSS, 6.2 AI score, 0.01598 EPSS
Exploits 2, References 8
CVE
added 2006/11/30 4:0 p.m., 44 views

CVE-2006-4409

The CVE-2006-4409 issue is concrete: OCSP in Apple Mac OS X Security Framework could fail to retrieve CRLs when a system uses an HTTP proxy (affecting Mac OS X 10.4 to 10.4.8). This could allow revoked certificates to be accepted by the system. The vulnerability pertains to the OCSP service, and ...

5 CVSS, 6.2 AI score, 0.01538 EPSS
Exploits 2, References 9, Affected Software 1
CVE
added 2006/11/30 4:0 p.m., 48 views

CVE-2006-4410

The CVE-2006-4410 entry affects Apple Mac OS X where the Security Framework in 10.3.9 and 10.4.x (before 10.4.7) does not properly search certificate revocation lists (CRLs). This allows remote attackers to authenticate with revoked certificates, potentially compromising system access. Public ref...

7.5 CVSS, 6.2 AI score, 0.01598 EPSS
Exploits 2, References 8, Affected Software 1
Cvelist
added 2006/11/30 4:0 p.m., 22 views

CVE-2006-4410

The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates...

6.2 AI score, 0.01598 EPSS
Exploits 2, References 8
Cvelist
added 2006/11/30 4:0 p.m., 28 views

CVE-2006-4409

The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 fails to retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked...

6.1 AI score, 0.01538 EPSS
Exploits 2, References 9
securityvulns
added 2006/03/21 12:0 a.m., 42 views

CORE-2006-0124: Cross-Site Scripting in Verisign’s haydn.exe CGI script

Core Security Technologies - Corelabs Advisory http://www.coresecurity.com/corelabs/ Cross-Site Scripting in Verisign’s haydn.exe CGI script. Date Published: 2006-03-20. Last Update: 2006-03-20. Advisory ID: CORE-2006-0124. Bugtraq ID: None currently assigned. CVE Name: None currently assigned. Title:...

6.6 AI score
Exploits 0