Tags Security Advisory

Armorlogic Profense WAF: multiple vulnerabilities

An advisory by EnableSecurity. Trustwave published a joint advisory named TWSL2009-001.

Description

Armorlogic Profense is a Web Application Firewall and load balancing solution.

From their website (armorlogic.com):

“Protecting and securing websites and web applications can be a complicated business. Profense web application firewall simplifies protection with an affordable and easy to use, feature rich, solution that gives you full PCI DSS 1.1 and 1.2 section 6.6 compliance.”


OpenX: multiple vulnerabilities

An advisory by EnableSecurity in collaboration with Acunetix.

Description

OpenX is an online advertising web application written in PHP that supports popular sites such as TechCrunch, SUN Microsystems and Metacafe.

From their website (openx.org):

“OpenX is a free, open source ad server that manages the selling and delivery of your online advertising inventory. You can get OpenX as a hosted service or as downloaded software.”


Apple Mail.app: S/MIME encrypted emails stored in clear text

Published on Oct 3, 2008

  • Affected version: 3.5 (929.4/929.2)
  • Unaffected version: Unknown

Summary

Apple Mail.app does not store S/MIME encrypted emails securely in the Drafts directory on the server.

Impact

The assumption that the server does not have access to the email content is violated.

Description

Apple’s Mail.app is the default email application that comes with Mac OS X machines. It supports S/MIME as standard for encryption and authentication of emails. However, by default Mail.app also has an option called “Store draft messages on the server”, which applies when you are using an IMAP or Exchange server.
