31 matches found
Spoofable SSL Certificate
SeaMonkey is vulnerable to spoofable SSL certificate. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could hav...
Spoofable User Session
kiali uses spoofable user session. The attack is possible due to Insufficient JWT Session Expiration validation, leading to Session Fixation and privilege escalation...
Spoofable UI
firefox is vulnerable to spoofable UI. The vulnerability exists as it was possible to spoof the address bar via a SELECT element with a persistent menu...
Spoofable Tokens
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
Spoofable ECDSA Signatures
nss-softokn is vulnerable to spoofable ECDSA signatures. The vulnerability exists as Mozilla Network Security Services NSS before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve...
Spoofable RSA Signatures
nss is vulnerable to spoofable RSA signature attacks. The vulnerability exists as Mozilla Network Security Services NSS before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla...
Spoofable XML Signature
Apache Santuario XML Security is vulnerable to Spoofable XML Signature. The use of weak CanonicalizationMethod in jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an...
Spoofable Domains
jabberd is vulnerable to spoofable domains. The vulnerability exists as s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a 1 Verify Response or 2 Authorization Response...
Microsoft Internet Explorer 5.5/6.0 Spoofable File Extensions Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3597/info It is possible for a malicious webmaster, hosting files on an website, to spoof file extensions for users of Internet Explorer. For example, an .exe file can be made to look like a .txt or other seemingly harmle...
Microsoft Outlook Express 5/6 Spoofable File Extensions Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5277/info It is possible for a malicious user, sending email via a mail agent capable of manipulating the MIME headers, to spoof file extensions for users of Outlook Express. For example, an .exe file can be made to look...
Multiple phone systems unauthorized voice mail access
Spoofable Caller ID CNID is used for access authentication...