57 matches found
SUSE-SU-2019:1450-1 Security update for Cloud7 packages
This update provides fixes for the following packages issues: caasp-openstack-heat-templates: - Update to version 1.0+git.1553079189.3bf8922: SCRD-2813 Add support for CPI parameters - Update to version 1.0+git.1547562889.43707e7: Switch LB protocol from HTTP to HTTPS crowbar: - Update to version...
The vulnerability of the NX-API network operating system function of Cisco NX-OS routers allows attackers to execute arbitrary commands.
The vulnerability of the NX-API network operating system function in Cisco NX-OS routers is related to the lack of measures for input data sanitization. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary commands with superuser privileges by sending malicious HTT...
Security Bulletin: A vulnerability in the Firefox component of the Synthetic Playback agent affects IBM Performance Management products.
Summary Multiple browsers could allow a remote attacker to obtain sensitive information, caused by the failure to consider the role of the TCP congestion window in providing information about content length by the HTTPS protocol or by the HTTP/2 protocol. By visiting a Web site owned by a malicio...
Paragon Initiative Enterprises: Using plain git protocol (vulnerable to MITM)
Using plain git protocol git://domain is insecure as the server is not verified MITM attacker can return different content if last commit not checked against known one more information about this issue Protocols to choose from when cloning: https://gist.github.com/grawity/4392747...
OmniMetrix OmniView Vulnerabilities
OVERVIEW Bill Voltmer of Elation Technologies LLC has identified vulnerabilities in OmniMetrix’s OmniView web application. OmniMetrix has produced a new software version for its web interface that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCT...
CVE-2016-7152
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack...
Moodle 2.0.x < 2.0.10 Multiple Vulnerabilities
Binary data 9403.prm...
ownCloud: apps.owncloud.com: SSL Session cookie without secure flag set
URL: https://apps.owncloud.com/usermanager/login.php Issue detail The following cookie was issued by the application and does not have the secure flag set: PHPSESSID=27caghhkfjvuso3mmiqajqt2n4; path=/; HttpOnly The cookie appears to contain a session token, which may increase the risk associated...
DSA-3240-1 curl - security update
Bulletin has no description...
WordPress Marketplace 2.4.0 Add Administrator
!/usr/bin/python Exploit Name: WP Marketplace 2.4.0 Remote Command Execution Vulnerability discovered by Kacper Szurek http://security.szurek.pl Exploit written by Claudio Viviani -------------------------------------------------------------------- The vulnerable function is located on...
Automattic: Serving Transitions From: HTTP Protocol (not secure)
Dear Sir, I've Noticed from your SourceCode that you are using HTTP Protocol, and that will makes Insecure served for data transition. we will give the attacker a chance for "MIMT" man in the middle attack as you know that the name of the attack itself explain the steps. -check the source code of...
WordPress Cookie handling process can lead to account hijacking-vulnerability warning-the black bar safety net
! Write ahead: This is actually a cookie transmission does not use the https problem, the most natural of seemingly unrelated picture, but in front of a burst of lead to ebay account disclosure of intrusion events, also has this vulnerability in the shadow. ps: looks like this hack was a girl...
A jingdong log security vulnerabilities-vulnerability warning-the black bar safety net
Table of Contents 1 Introduction 2 the inspection process 3 Summary 1 Introduction Recently looking at an open source site code, found if the login page via the http Protocol requests, will be redirected to use the https Protocol of the url, so you can ensure login security. Today a whim, want to...
NASA SSL Digital Certificate hacked by Iranian Hackers
NASA SSL Digital Certificate hacked by Iranian Hackers Iranian hackers 'Cyber Warriors Team' announced in an online post that it compromised an SSL certificate belonging to NASA and subsequently accessed information on thousands of NASA researchers. A space agency representative revealed that...
Iran Shutdown Google ,Yahoo & other Major sites using Https Protocol
Iran Shutdown Google ,Yahoo & other Major sites using Https Protocol We Received latest reports from Iran ,Governments has blocked access to the major sites plus websites using certain Https protocol like Gmail, Google ,Yahoo. On the eve of the anniversary of the revolution that overthrew the...
Cisco Security Advisory: Vulnerability in Cisco IOS While Processing SSL Packet
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Vulnerability in Cisco IOS While Processing SSL Packet Advisory ID: cisco-sa-20080924-ssl http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml Revision 1.0 For Public Release 2008 September 24 1600 UTC GMT -...
Advanced Poll 2.0.5-dev - Remote Admin Session Generator
!/usr/bin/perl -w Advanced Poll 2.0.0 = 2.0.5-dev textfile admin session gen. 0day! KEEP IT PRIVATE 0day! date: 30/07/06 diwou PHCKSEC c 2001-2006. see templates for code execution ;. use strict; use warnings; use LWP::UserAgent; use MD5; my...