Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-25135 PUBLISHED: 2023-02-03
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are...
CVE-2022-4634 PUBLISHED: 2023-02-03
All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-0123 PUBLISHED: 2023-02-03
Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.
CVE-2023-0124 PUBLISHED: 2023-02-03
Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.
CVE-2023-24613 PUBLISHED: 2023-02-03
The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend bin...
User Rank: Ninja
5/29/2015 | 8:49:57 AM
Over the years PGP has been depreciated by its detractors as "too complex".
Complex systems such as PGP can be made usable by everyone -- just like a "smart phone" -- by means of packaged technology: wrapping the technology in an easy-to-use human interface -- often called a "GUI" -- or GUI Dialog.
Roots
On paper we sign our name with pen & ink, and that signature is characterized by the individual signer -- pretty hard to duplicate except by a highly skilled forger. Even so, with Notaries or witnesses -- the pen & ink signature has been reliable for years.
But in our online digital networks -- we have -- nothing
except that PGP has been available since the '90s -- and not adopted for general use due to opposition from interests opposed to privacy and security and such.
We may now have reached a tipping point where we will have to admit our error and mend our ways.
The key factor needed to implement PGP authentications is expanded authentications. Your PGP Public Key needs to be authenticated by a reliable party in order for your signatures to be recognized as valid. Keep these words in mind: In order for your signature to be recognized as valid. This also requires an assurance that YOU made the signature -- not some scamster. This is possible with PGP because PGP provides both a Public and Private key for each user. The private key is required to make a signature while the public key is required to recognize (authenticate) a signature.
Exactly what we need!
The only issue is in getting the Public Keys authenticated. This should become a service offered by local Credit Unions and Banks. After you generate your key you take it to the Credit Union. They check your ID and then counter-sign it and upload it to the keyserver.
Now you will be able to authenticate your 1040, online banking, shopping &c.
SSL/TLS is not acceptable: it is a half-baked system: The server is able to identify itself -- but not the client. Even the server's ID is questionable as the client has only marginal trust for X.509 certificates: he or she has NOT verified and countersigned the X.509 certificates he/she needs to use. This is what enables MITM attacks.
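
The trust chain the comment above describes, as an added example that is not part of the original comment: a trusted party (the credit union in the comment) signs the binding between a user ID and a public key, and a verifier accepts a signature only when both that certification and the message signature check out. It models the idea with bare Ed25519 from Go's standard library rather than OpenPGP packets and keyservers; every name and sample value is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Certification is the trusted party's signature binding a user ID to a public key.
type Certification struct {
	UserID string
	Key    ed25519.PublicKey
	Sig    []byte // made with the certifier's private key
}

// binding is what the certifier signs: user ID, a NUL separator, then the key bytes.
func binding(id string, key ed25519.PublicKey) []byte { return append(append([]byte(id), 0), key...) }

// Certify is run by the trusted party after checking the key holder's ID.
func Certify(ca ed25519.PrivateKey, id string, key ed25519.PublicKey) Certification {
	return Certification{id, key, ed25519.Sign(ca, binding(id, key))}
}

// VerifySigned requires a valid certification AND a valid message signature.
func VerifySigned(trusted ed25519.PublicKey, c Certification, msg, sig []byte) error {
	if !ed25519.Verify(trusted, binding(c.UserID, c.Key), c.Sig) {
		return fmt.Errorf("key for %q is not certified by the trusted party", c.UserID)
	}
	if !ed25519.Verify(c.Key, msg, sig) {
		return fmt.Errorf("signature was not made with %q's certified key", c.UserID)
	}
	return nil
}

// Demo: genuine signer; impostor with a self-made certification; impostor reusing Alice's.
func Demo() (genuine, selfCertified, reusedCert error) {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader) // certifier (credit union)
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	malPub, malPriv, _ := ed25519.GenerateKey(rand.Reader) // impostor's own key pair
	msg := []byte("constructed sample message")
	cert := Certify(caPriv, "alice@example.test", alicePub)
	fake := Certify(malPriv, "alice@example.test", malPub) // never signed by the certifier
	genuine = VerifySigned(caPub, cert, msg, ed25519.Sign(alicePriv, msg))
	selfCertified = VerifySigned(caPub, fake, msg, ed25519.Sign(malPriv, msg))
	reusedCert = VerifySigned(caPub, cert, msg, ed25519.Sign(malPriv, msg))
	return
}

func main() { fmt.Println(Demo()) }
```

Only the first case verifies: the self-made certification fails the certifier check, and reusing Alice's public certification fails because the signature was not made with her private key.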