284 matches found
TradeKing FOREXTrader for iPhone app for iOS Sensitive Information Disclosure Vulnerability
TradeKing FOREXTrader for iPhone app for iOS is a foreign exchange trading platform with a highly personalized operating environment, developed for iOS by the United States company Karson TradeKing. A sensitive information disclosure vulnerability exists in versions 2.9.12 to 2.9.14 of...
CVE-2017-5902
The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
A vulnerability in the PostgreSQL database management system allows an attacker to trigger a service failure.
The vulnerability in the PostgreSQL database management system is related to a memory reclamation error. Exploiting it allows a remote attacker to cause a service failure by terminating the SSL session at a certain time...
A vulnerability in the JRockit software platform allows a malicious actor to compromise data availability remotely.
The vulnerability in the JRockit software platform allows a malicious actor to compromise data availability by using the JSSE component...
A vulnerability in the Java Development Kit application development tool allows a remote attacker to compromise data confidentiality and integrity.
The vulnerability in the Java Development Kit application development tool is related to its subcomponents. Exploiting it allows an attacker to compromise data confidentiality and integrity by using the JSSE subcomponent...
A vulnerability in the Java Runtime Environment software platform allows an attacker to compromise data confidentiality and integrity.
The vulnerability in the Java Runtime Environment is related to program subcomponents. Exploiting it allows an attacker to compromise data confidentiality and integrity by using the JSSE subcomponent...
USN-2883-1: OpenSSL vulnerability
Antonio Sanso discovered that OpenSSL reused the same private DH exponent for the life of a server process when configured with an X9.42 style parameter file. This could allow a remote attacker to possibly discover the server's private DH exponent when being used with non-safe primes...
Java Secure Socket Extension (JSSE) SKIP-TLS
#!/usr/bin/env ruby # encoding: ASCII-8BIT # By Ramon de C Valle. This work is dedicated to the public domain. require 'openssl' require 'optparse' require 'socket' Version = [0, 0, 1] Release = nil def prf(secret, label, seed) if secret.empty? s1 = s2 = '' else length = ((secret.length * 1.0) / 2).ceil s1 =...
Java Secure Socket Extension (JSSE) SKIP-TLS
Java Secure Socket Extension (JSSE) SKIP-TLS exploit that has been tested on JDK 8u25 and 7u72. This is a stand-alone Ruby exploit and does not require Metasploit. #!/usr/bin/env ruby # encoding: ASCII-8BIT # By Ramon de C Valle. This work is dedicated to the public domain. require 'openssl' require...
UBUNTU-CVE-2015-3230
389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher...
DEBIAN-CVE-2015-5262
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...
DEBIAN-CVE-2015-4456
ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a...
Fortinet FortiOS SSL-VPN Man-in-the-Middle Security Bypass Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform, developed by the United States company Fortinet. A security vulnerability exists in Fortinet FortiOS SSL-VPN that could be exploited by an attacker to perform an unauthorized...
Unspecified Vulnerability in Oracle Java SE JSSE Component
Oracle Java SE is used to develop and deploy Java applications for desktops, servers, embedded devices and real-time environments. A security vulnerability exists in the JSSE subcomponent of Oracle Java SE, which can be exploited by a remote attacker to construct a malicious web page and tric...
CVE-2015-1916
Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider...
CVE-2015-1916
CVE-2015-1916 is an IBM Java SSL/TLS (JSSE) related denial-of-service vulnerability. IBM advisories (e.g., IBMs 734104A523B… and related security bulletins) indicate affected IBM Java SDK/JRE versions used in IBM SAN Volume Controller and Storwize family products. The vulnerability allows a remot...
OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)
A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly...
Junos Space Network Management Platform SSL Certificate Handling Cross-Site Scripting Vulnerability
Junos Space Network Management Platform is a network management platform solution. A cross-site scripting vulnerability exists in Junos Space Network Management Platform SSL certificate processing, which can be exploited by remote attackers to inject malicious script or HTML code that can be used...