Searching osp cert software vulnerabilities




Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during an SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.




isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite.




The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.




viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the cert parameter.




Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.




The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allow remote attackers to cause a denial of service via malformed ASN.1 objects.




Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header.




PHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot (osp) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter.


Software vulnerabilities results 1 to 9 of 9     