34 matches found
CVE-2026-32290
CVE-2026-32290 affects the GL-iNet Comet (GL-RM1) KVM. It describes insufficient verification of uploaded firmware, enabling an attacker-in-the-middle or a compromised update server to modify the firmware and the corresponding MD5 hash to pass verification. The document notes local attack vec...
EUVD-2008-3425
Malware in sbrugna...
EUVD-2008-3423
Malware in sbrugna...
EUVD-2008-3419
Malware in sbrugna...
EUVD-2022-51617
Malicious code in bioql PyPI...
CVE-2024-13990
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle (MitM) attack and substitute malicious update...
SUSE CVE-2008-3437
OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
SUSE CVE-2008-3440
Sun Java 1.6.003 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
Rapid7 Nexpose security vulnerability
Rapid7 Nexpose is a set of vulnerability management software from Rapid7, Inc. that can utilize scanning results to deeply probe the network. The software supports scanning the configuration environment for errors, vulnerabilities, malware, and more. A security vulnerability exists in Rapid7...
CVE-2008-3437
OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
Design/Logic Flaw
nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticity of updates, which allows user-assisted remote attackers to execute arbitrary code via a crafted (1) SiteUrl or (2) RedirectUrl parameter that points to a Trojan Horse client.zip update file...
PartyGaming PartyPoker updates spoofing
Cryptography is not used to validate update authenticity...
CVE-2008-3324
The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update...
CVE-2008-3324
CVE-2008-3324 affects PartyGaming PartyPoker client 121/120. The issue is an origin validation/verification failure for updates, allowing remote attackers to perform a man-in-the-middle attack and deliver a Trojan horse update that executes arbitrary code. Exploitation requires impersonating the ...
PT-2008-4730 · Partygaming · Partypoker
Name of the Vulnerable Software and Affected Versions: PartyGaming PartyPoker client program version 121/120 Description: The issue concerns the PartyGaming PartyPoker client program, which fails to properly verify the authenticity of updates. This allows remote man-in-the-middle attackers to...
CVE-2008-3438
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
CVE-2008-3440
Sun Java 1.6.003 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
CVE-2008-3434
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
CVE-2008-3437
OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
CVE-2008-3440
Sun Java 1.6.003 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...