Searching pgp software vulnerabilities

The command port for PGP Certificate Server 2.5

Certificate | command | Server | port | PGP |

The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows remote attackers to cause a denial of service if their hostname does not have a reverse DNS entry and they connect to port 4000.


pgp4pine Pine/PGP interface version 1.75-6 does

interface | obtaining | properly | Pine/PGP | pgp4pine | Privacy | expired | version | public | Guard | check | 175-6 | does | keys | Gnu | via | see | not | has | key |

pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext.


The OpenPGP PGP standard allows an attacker to

cryptanalytic | determine | signature | encrypted | attacker | standard | captures | message | OpenPGP | private | alters | signed | single | allows | attack | which | file | PGP | key | via |

The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key.


The split key mechanism used by PGP 7.0 allows

authenticate | passphrases | passphrase | capturing | mechanism | setting | holders | allows | "Cache | option | logged | obtain | holder | access | entire | share | other | while | split | used | they | key | on" | PGP |

The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate.


Network Associates PGP Keyserver 7.0 allows rem

Associates | Keyserver | attackers | Network | service | denial | allows | remote | cause | PGP |

Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.


PGP Security PGPfire 7.1 for Windows alters the

determine | attackers | system's | modifies | messages | Security | packets | running | Windows | PGPfire | system | allows | remote | TCP/IP | alters | stack | error | ICMP | PGP | way |

PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.


Microsoft Outlook plug-in PGP version 7.0, 7.0.

Microsoft | version | plug-in | Outlook | PGP |

Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.


Network Associates PGP 7.0.4 and 7.1 does not t

Associates | Network | PGP |

Network Associates PGP 7.0.4 and 7.1 does not time out according to the value set in the "Passphrase Cache" option, which could allow attackers to open encrypted files without providing a passphrase.


PGP 6.x and 7.x does not clear Windows alternat

information | alternate | sensitive | attackers | attached | supposed | recover | systems | Windows | deleted | streams | allows | which | files | clear | data | does | file | NTFS | PGP | not |

PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.


The G/PGP (GPG) Plugin 2.1 and earlier for Squi

G/PGP |

The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636.


The Wipe Free Space utility in PGP Desktop Home

Professional | utility | Desktop | Space | Home | Wipe | Free | PGP |

The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk.


Multiple directory traversal vulnerabilities in

vulnerabilities | traversal | directory | Multiple | G/PGP |

Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before Thursday, June 14, 2007, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php.


PGP Desktop before 9.5.1 does not validate data

Desktop | before | PGP |

PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address.


Unspecified vulnerability in the G/PGP (GPG) Pl

vulnerability | Unspecified | G/PGP |

Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.


Multiple unspecified vulnerabilities in the G/P

vulnerabilities | unspecified | Multiple | G/PGP |

Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-3634.


Multiple unspecified vulnerabilities in the G/P

vulnerabilities | unspecified | Multiple | G/PGP |

Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.


The G/PGP (GPG) Plugin 2.0, and 2.1dev before 2

G/PGP |

The G/PGP (GPG) Plugin 2.0, and 2.1dev before Tuesday, September 12, 2006, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents of an e-mail message.


PHP local file inclusion vulnerability in gpg_p

gpg_pop_initphp | vulnerability | inclusion | G/PGP | local | file | PHP |

PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before Saturday, July 07, 2007 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter.


Software vulnerabilities results 1 to 19 of 19     
Page: 1