Lucene search
K

31 matches found

Veracode
Veracode
added 2020/04/10 12:13 a.m.39 views

Spoofable SSL Certificate

SeaMonkey is vulnerable to spoofable SSL certificate. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could hav...

4CVSS2.6AI score0.02145EPSS
Exploits0References192Affected Software4
Veracode
Veracode
added 2020/03/27 2:27 a.m.31 views

Spoofable User Session

kiali uses spoofable user session. The attack is possible due to Insufficient JWT Session Expiration validation, leading to Session Fixation and privilege escalation...

8.6CVSS3AI score0.01125EPSS
Exploits0References5Affected Software2
Veracode
Veracode
added 2019/05/02 5:34 a.m.34 views

Spoofable UI

firefox is vulnerable to spoofable UI. The vulnerability exists as it was possible to spoof the address bar via a SELECT element with a persistent menu...

6.5CVSS7.1AI score0.02026EPSS
Exploits0References13Affected Software1
Veracode
Veracode
added 2019/05/02 4:46 a.m.31 views

Spoofable Tokens

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

10CVSS6AI score0.04112EPSS
Exploits1References33Affected Software189
Veracode
Veracode
added 2019/01/15 9:7 a.m.16 views

Spoofable ECDSA Signatures

nss-softokn is vulnerable to spoofable ECDSA signatures. The vulnerability exists as Mozilla Network Security Services NSS before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve...

4.3CVSS4.6AI score0.03594EPSS
Exploits0References24Affected Software2
Veracode
Veracode
added 2019/01/15 9:1 a.m.20 views

Spoofable RSA Signatures

nss is vulnerable to spoofable RSA signature attacks. The vulnerability exists as Mozilla Network Security Services NSS before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla...

7.5CVSS5.5AI score0.1617EPSS
Exploits0References36Affected Software3
Veracode
Veracode
added 2019/01/15 8:59 a.m.26 views

Spoofable XML Signature

Apache Santuario XML Security is vulnerable to Spoofable XML Signature. The use of weak CanonicalizationMethod in jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an...

4.3CVSS6AI score0.0593EPSS
Exploits1References28Affected Software98
Veracode
Veracode
added 2019/01/15 8:51 a.m.22 views

Spoofable Domains

jabberd is vulnerable to spoofable domains. The vulnerability exists as s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a 1 Verify Response or 2 Authorization Response...

5.8CVSS6AI score0.0173EPSS
Exploits1References15Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Microsoft Internet Explorer 5.5/6.0 Spoofable File Extensions Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3597/info It is possible for a malicious webmaster, hosting files on an website, to spoof file extensions for users of Internet Explorer. For example, an .exe file can be made to look like a .txt or other seemingly harmle...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

Microsoft Outlook Express 5/6 Spoofable File Extensions Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5277/info It is possible for a malicious user, sending email via a mail agent capable of manipulating the MIME headers, to spoof file extensions for users of Outlook Express. For example, an .exe file can be made to look...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/04/11 12:0 a.m.52 views

Multiple phone systems unauthorized voice mail access

Spoofable Caller ID CNID is used for access authentication...

10CVSS3.1AI score0.03058EPSS
Exploits0
Rows per page
Query Builder