4160 matches found
CVE-2014-0350
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...
CVE-2014-0350
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...
DEBIAN-CVE-2014-2653
The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate...
CVE-2014-2653
The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate...
PHPMYWIND Sql Injection #2
简要描述: 过滤不严。 详细说明: PHPMyWind\data\alipay\notifyurl.php中 $alipayNotify = new AlipayNotify$alipayconfig; $verifyresult = $alipayNotify-verifyNotify; if$verifyresult //验证成功...
CVE-2011-3634
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors...
DEBIAN-CVE-2011-3634
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors...
PT-2014-2155 · Debian · Apt
Name of the Vulnerable Software and Affected Versions: apt versions prior to 0.8.11 Description: The issue allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors when the certificate host name fails validation and Verify-Host is enabled. Recommendations: For...
nss: CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates (MFSA 2013-103)
The CERTVerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services NSS 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access...
CVE-2012-6626
The CVE-2012-6626 entry concerns a SQL injection in verify-user.php of b2ePMS 1.0 where the username field can be exploited to execute arbitrary SQL commands. Affected software: b2ePMS 1.0 (verify-user.php). Underlying cause: input from the username field is not properly sanitized, enabling injec...
UBUNTU-CVE-2013-4566
modnss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions...
nss: CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates (MFSA 2013-103)
The CERTVerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services NSS 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access...
mod_nss: incorrect handling of NSSVerifyClient in directory context
modnss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions...
CVE-2013-5606
The CERTVerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services NSS 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access...
Firefox < 25.0.1 NSS and NSPR Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox is a version prior to 25.0.1 and is, therefore, potentially affected by the following vulnerabilities : - An error exists related to handling input greater than half the maximum size of the 'PRUint32' value. CVE-2013-1741 - An error exists in the 'NullCipher'...
cert name check ignore OpenSSL
libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. libcurl offers two separate and independent options for verifying a server's TLS certificate. CURLOPTSSLVERIFYPEER and CURLOPTSSLVERIFYHOST. T...
Fedora Update for rubygem-ruby-openid FEDORA-2013-20260
Check for the Version of rubygem-ruby-openid OpenVAS Vulnerability Test Fedora Update for rubygem-ruby-openid FEDORA-2013-20260 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/...
GLSA-201310-01 : Perl Module-Signature module: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201310-01 Perl Module-Signature module: Arbitrary code execution The cpansign verify command will automatically download keys and use them to check the signature of CPAN packages via the SIGNATURE file. If an attacker were to...
CVE-2013-1909
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2013-2145
The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/...