Fake valid SSL certificate creation attack was successfully demonstrated
Published:		31.12.2008
Source:		PHREEDOM
SecurityVulns ID:		9553
Type:		library
Level:		8/10
Description:		Valid fake SSL certificate creation attack was demonstratedby exploiting MD5 collisions and RapidSSL certificate generation procedures. The cost of attack is appoximately $2000.

Files:		MD5 Considered Harmful Today Creating a rogue CA certificate
Discuss:		Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		31.12.2008
Source:
SecurityVulns ID:		9554
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: automated account registration, DoS.

Affected:		POWERPHLOGGER : Power Phlogger 2.2
		MEGACUBO : Megacubo 5.0

Original document		MustLive, New vulnerabilities in Power Phlogger (31.12.2008)
		the.dumenci_(at)_gmail.com, php-nuke 8.0 module sections artid blind sql inj vuln. (31.12.2008)
		pyro_(at)_nospam.it, Megacubo 5.0.7 (mega://) remote eval() injection exploit (31.12.2008)

Discuss:

Read or add your comments to this news (0 comments)