192 matches found
Important: Red Hat Security Advisory: devtoolset-2-httpcomponents-client security update
Updated devtoolset-2-httpcomponents-client packages that fix one security issue are now available for Red Hat Developer Toolset 2. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
http-waf-detect NSE Script
Attempts to determine whether a web server is protected by an IPS (Intrusion Prevention System), IDS (Intrusion Detection System) or WAF (Web Application Firewall) by probing the web server with malicious payloads and detecting changes in the response code and body. To do this the script will send a...
Restricted Web Pages Detection
Nessus identified some web pages that cannot be reached when the user is not logged in. These pages will be used to maintain the web session. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(52973); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date"...
CVE-2008-0210
Affected software: Uebimiau Webmail 2.7.10 and 2.7.2. The CVE-2008-0210 issue arises from improper protection of authentication state variables, allowing remote attackers to bypass authentication via a sess[auth]=1 parameter. This can enable authenticated- or unauthenticated-access scenarios, and...
Net: HTTP insufficient verification of SSL certificate
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...
ASP, PHP and .NET methods for forging HTTP-REFERER and preventing REFERER forgery - bug warning - the black bar safety net
The HTTP-REFERER variable has become increasingly unreliable and can be forged entirely. The following is the forging method: ASP/Visual Basic code dim http set http=server.createobject("MSXML2.XMLHTTP") '//MSXML2.serverXMLHTTP also works Http.open "GET",url,false Http...
CVE-2006-6440
Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allow remote attackers to have an unspecified impact via unspecified vectors relating to "HTTP Security issues."...
CVE-2006-6440
The CVE-2006-6440 entry concerns Xerox WorkCentre / WorkCentre Pro devices. Affected products include Xerox WorkCentre models with versions before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000. The vulnerabilities are described as multiple unspecified issues that permit ...
CVE-2002-1986
Perception LiteServe 2.0–2.0.1 is vulnerable to an information disclosure where a remote attacker can obtain the source code of CGI scripts by making an HTTP request containing a trailing dot. The description specifies the affected software and the attack pattern but does not provide root-cause d...
Accipiter Direct Server directory traversal
HTTP directory traversal...
Unauthorized access via HTTP in Cisco (unauthorized access).
The user name/password check can be bypassed...