CVE-2006-0049

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different...

CVE-2006-0049

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different...

GnuPG unsigned data injection

While decoding non-detached with signature within text messages unsigned data behind signature is invalidely decoded as a part of the messages...

GnuPG does not detect injection of unsigned data

GnuPG does not detect injection of unsigned data ================================================ released 2006-03-09, CVE-2006-0049 Summary ======= In the aftermath of the false positive signature verfication bug announced 2006-02-15 more thorough testing of the fix has been done and another...

GnuPG does not detect injection of unsigned data

Werner Koch reports: In the aftermath of the false positive signature verfication bug announced 2006-02-15 more thorough testing of the fix has been done and another vulnerability has been detected. This new problem affects the use of gpg for verification of signatures which are not detached...

ASP.NET __VIEWSTATE function replay attack

Data is stored signed on client side, but host name and timestamp are not part of signed data...