Page 2 of 24 results (0.005 seconds)

CVSS: 7.1EPSS: 7%CPEs: 1EXPL: 0

PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address. PHP Desktop anterior a 9.5.1 no valida los objetos de datos recibidos por la (1) tubería con nombre \pipe\pgpserv para PGPServ.exe o (2) la tubería con nombre \pipe\pgpsdkserv para PGPsdkServ.exe, lo cual permite a usuarios autenticados remotamente obtener privilegios enviando un objeto de datos representando un puntero absoluto, lo cual provoca la ejecución del código en la dirección correspondiente. • http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0025.html http://osvdb.org/32969 http://osvdb.org/32970 http://secunia.com/advisories/23938 http://securityreason.com/securityalert/2203 http://securitytracker.com/id?1017563 http://www.kb.cert.org/vuls/id/102465 http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop http://www.securityfocus.com/archive/1/458137/100/0/threaded http://www.securityfocus.com/bid/22247 http://www.vupen.com/english •

CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 2

The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk. • http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html http://metasploit.com/research/vulns/pgp_slackspace http://secunia.com/advisories/17827 http://www.osvdb.org/21569 http://www.securityfocus.com/archive/1/419077/100/0/threaded http://www.securityfocus.com/archive/1/419282/100/0/threaded http://www.securityfocus.com/archive/1/419654/100/0/threaded http://www.securityfocus.com/bid/15784 •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message. • http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=528 http://www.securityfocus.com/bid/3825 https://exchange.xforce.ibmcloud.com/vulnerabilities/7900 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

Network Associates PGP 7.0.4 and 7.1 does not time out according to the value set in the "Passphrase Cache" option, which could allow attackers to open encrypted files without providing a passphrase. • http://archives.neohapsis.com/archives/bugtraq/2002-07/0313.html http://archives.neohapsis.com/archives/bugtraq/2002-07/0322.html http://www.iss.net/security_center/static/9690.php http://www.securityfocus.com/bid/5318 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. • http://www.ciac.org/ciac/bulletins/m-034.shtml http://www.iss.net/security_center/static/7953.php http://www.securityfocus.com/archive/1/251565 http://www.securityfocus.com/bid/3912 http://www.seifried.org/security/advisories/kssa-003.html • CWE-459: Incomplete Cleanup •