signature software vulnerabilities
vulnerabilities.aspcode.net
Searching signature software vulnerabilities
fcheck prior to 2.57.59 calls the file signature checking program insecurely, which can allow a local user to run arbitrary commands via a file name that contains shell metacharacters.
The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key.
The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source.
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files.
A "mathematical flaw" in the implementation of the El Gamal signature algorithm for LibTomCrypt 1.0 to 1.0.2 allows attackers to generate valid signatures without having the private key.
Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allows remote attackers to inject arbitrary web script or HTML via a signature.
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized.
usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
Stack-based buffer overflow in the createPKCS10 function in Cryptomathic Cenroll ActiveX Control 1.1.0.0 allows remote attackers to execute arbitrary code via vectors related to the TDC Digital signature.
register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "[NR]" sequence in the signature field, which is used to separate multiple records.
The libksba library 0.9.12 and possibly other versions, as used by gpgsm in the newpg package on SUSE LINUX, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature.
Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via "the signature field of NTLM Type 1 messages".
IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.
The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature.
Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.
Software vulnerabilities results 1 to 20 of 57