
2023 matches found

Prion
added 2007/11/03 12:46 a.m., 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists...

CVSS: 4.3, AI score: 6.2, EPSS: 0.02346
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2007/11/03 12:46 a.m., 16 views

CVE-2007-5796

Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists...

CVSS: 4.3, AI score: 5.7, EPSS: 0.02346
Exploits: 0, References: 5
Cvelist
added 2007/11/03 12:0 a.m., 19 views

CVE-2007-5796

Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists...

AI score: 5.7, EPSS: 0.02346
Exploits: 0, References: 5
RedHat Linux
added 2007/10/08 7:44 a.m., 3 views

rhcs CRL can get corrupted

Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to...

CVSS: 7.5, AI score: 5.8, EPSS: 0.01112
Exploits: 0, References: 4
RedHat Linux
added 2007/10/08 7:44 a.m., 4 views

Moderate: Red Hat Security Advisory: rhpki-util, rhpki-common, rhpki-ca security update

Updated rhpki-util, rhpki-common, and rhpki-ca packages that fix a security issue are now available for Red Hat Certificate System 7.2. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Red Hat Certificate System (RHCS) is an enterprise software...

CVSS: 7.5, AI score: 5.7, EPSS: 0.01112
Exploits: 0, References: 2
Prion
added 2007/08/18 9:17 p.m., 24 views

Authentication flaw

IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed...

CVSS: 6, AI score: 6.7, EPSS: 0.01343
Exploits: 0, References: 9, Affected Software: 1
NVD
added 2007/08/18 9:17 p.m., 23 views

CVE-2007-4417

IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed...

CVSS: 6, AI score: 6.4, EPSS: 0.01343
Exploits: 0, References: 9
CVE
added 2007/08/18 9:0 p.m., 50 views

CVE-2007-4417

IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 are affected by CVE-2007-4417 due to improper revocation of privileges on methods. This vulnerability lets remote authenticated users execute a method after privileges have been revoked, until the routine auth cache is flushed. The issue conc...

CVSS: 6, AI score: 6.4, EPSS: 0.01343
Exploits: 0, References: 9, Affected Software: 1
securityvulns
added 2007/06/28 12:0 a.m., 28 views

Juniper Steel Belted RADIUS CRL access problem

Certificate revocation list download feature doesn't work...

AI score: 2.1
Exploits: 0, References: 1, Affected Software: 1
0day.today
added 2007/03/27 12:0 a.m., 20 views

Oracle 10g KUPM$MCP.MAIN SQL Injection Exploit

Exploit for multiple platform in category remote exploits: Oracle 10g KUPM$MCP.MAIN SQL Injection Exploit. #!/usr/bin/perl Remote Oracle KUPM$MCP.MAIN exploit 10g Grant or revoke dba permission to...

AI score: 7.1
Exploits: 0
Prion
added 2007/03/20 8:19 p.m., 22 views

Authorization

Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via...

CVSS: 6, AI score: 6.4, EPSS: 0.00908
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2007/03/20 8:19 p.m., 15 views

CVE-2007-1526

Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via...

CVSS: 6, AI score: 6.2, EPSS: 0.00908
Exploits: 0, References: 5
Cvelist
added 2007/03/20 8:0 p.m., 23 views

CVE-2007-1526

Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via...

AI score: 6.2, EPSS: 0.00908
Exploits: 0, References: 5
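seebug.org
added 2007/03/16 12:0 a.m., 20 views

Sun Java System Web Server certificate revocation access control bypass vulnerability

Sun Java System Application Server and Web Server are both application servers compatible with the J2EE platform. A security vulnerability in Sun Java System Web Server may allow local or remote users to gain authorized access to certain Web server instances. If a secure Web server instance was created through the admin server as a non-root instance and the admin server is configured to run with root user privileges, this vulnerability may allow users with revoked client certificates to access the Web server instance under certain conditions, even if that instance has a valid Certificate Revocation List (CRL) file installed. The vulnerability affects a host only when both of the following conditions are met: 1. It contains a Certificate Revocation List (CRL) that meets certain criteria 2...

AI score: 7.1
Exploits: 0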
Packet Storm
added 2007/02/24 12:0 a.m., 27 views

oracledmgd-sql.txt

#!/usr/bin/perl Remote Oracle DBMSMETADAT.GETDDL exploit 9i/10g Grant or revoke dba permission to unprivileged user Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" REF: http://www.securityfocus.com/bid/16287 AUTHOR: Andrea "bunker" Purificato http://rawlab.mindcreations.com...

AI score: 7.4
Exploits: 0
RedHat Linux
added 2007/02/19 7:41 p.m., 1 views

MySQL improper permission revocation

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy...

CVSS: 2.1, AI score: 7.3, EPSS: 0.0174
Exploits: 1, References: 4
0day.today
added 2007/02/05 12:0 a.m., 21 views

Oracle 9i/10g DBMS_EXPORT_EXTENSION SQL Injection Exploit

Exploit for multiple platform in category remote exploits: Oracle 9i/10g DBMS_EXPORT_EXTENSION SQL Injection Exploit. #!/usr/bin/perl Remote Oracle dbms_export_extension exploit any versio...

AI score: 7.1
Exploits: 0
ATTACKERKB
added 2007/02/04 12:28 a.m., 2 views

CVE-2006-6967

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). In addition, it describes...

AI score: 5.8
Exploits: 0, References: 1
securityvulns
added 2007/02/04 12:0 a.m., 46 views

CheckPoint FireWall-1 information leak

It's possible to retrieve certificate revocation list from internal CA port TCP/18246...

AI score: 2.1
Exploits: 0
CERT
added 2006/12/04 12:0 a.m., 28 views

Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service fails to properly retrieve certificate revocation lists

Overview: Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service is unable to retrieve certificate revocation lists on systems that are configured to use an HTTP proxy. This vulnerability may result in the use of revoked certificates. Description: The Online Certificate...

CVSS: 5, AI score: 5.7, EPSS: 0.0149
Exploits: 2, References: 2