Search:Vulnerability:29.11.2003
Internet explorer (and others) CA certificate attack
updated since 15.08.2002
Published: 29.11.2003
Source: BUGTRAQ
SecurityVulns ID: 2227
Type: m-i-t-m
Level: 5/10
Description: For intermediate CAs only the signature is checked; the missing basic constraints check allows any valid certificate to be used as a CA certificate.
Affected:
MICROSOFT: Office 2000
MICROSOFT: Internet Explorer 5.5
MICROSOFT: Internet Information Server 5.0
MICROSOFT: Internet Explorer 6.0
KDE: KDE 3.0
TINYSSL: TinySSL 1.03
SUN: JSSE 1.0
OPENCA: OpenCA 0.9
Original document
Michael Bell, [OpenCA Advisory] Vulnerabilities in signature verification (29.11.2003)
Alex Loots, Incorrect Certificate Validation in Java Secure Socket Extension (28.01.2003)
MICROSOFT, UPDATE: Microsoft Security Bulletin MS02-050: Certificate Validation Flaw Could Enable Identity Spoofing (Q329115) (21.11.2002)
MICROSOFT, Security Bulletin MS02-050: Certificate Validation Flaw Could Enable Identity Spoofing (Q328145) (05.09.2002)
Mike Benham, Outlook S/MIME Vulnerability (03.09.2002)
KDE, KDE Security Advisory: Konqueror SSL vulnerability (20.08.2002)
Johan Persson, Insufficient Verification of Client Certificates in IIS 5.0 pre sp3 (20.08.2002)
Adam Megacz, TinySSL Vendor Statement: Basic Constraints Vulnerability (15.08.2002)
Mike Benham, IE SSL Vulnerability (15.08.2002)
Files:
IE SSL Exploit
CGI bugs
updated since 25.11.2003
Published: 29.11.2003
Source:
SecurityVulns ID: 3280
Type: remote
Level: 5/10
Affected:
COMMERCESQL: CommerceSQL
VIENUKE: VieBoard 2.6
LOTTASOPHIE: My_eGallery 3.1
CBVFD: Guestbook 1.2
PHPBB: phpBB 2.06
Original document
Hat-Squad Security Team, [Hat-Squad] phpBB search_id injection exploit (29.11.2003)
n.teusink_(at)_planet.nl, phpBB 2.06 search.php SQL injection (28.11.2003)
BrainRawt, RNN's Guestbook 1.2 Multiple Vulnerabilities (28.11.2003)
Bojan Zdrnja, Remote execution in My_eGallery (27.11.2003)
Manuel [ekerazha], [Full-Disclosure] VieNuke VieBoard SQL Injection Vulnerability... again (25.11.2003)
Mariusz Ciesla, [CommerceSQL] Remote File Read Vulnerability (25.11.2003)
Files:
phpBB v<=2.06 search_id sql injection exploit (POC version)
Applied Watch protection bypass
Published: 29.11.2003
Source: BUGTRAQ
SecurityVulns ID: 3287
Type: remote
Level: 6/10
Description: It's possible to add new users or IDS rules without authentication.
Affected:
APPLIEDWATCH: Applied Watch Server 1.4
Original document
Bugtraq Security Systems, Multiple Remote Issues in Applied Watch IDS Suite (advisory attached) (29.11.2003)
Files:
Applied Watch adding new user exploit
Applied Watch adding new rule exploit
© SecurityVulns, 3APA3A, Vladimir Dubrovin