1149 matches found

myhack58
added 2015/12/23 12:0 a.m., 17 views

IoT security: multiple security vulnerabilities in LED lights - vulnerability warning - the black bar safety net

Recently, foreign security experts found multiple security vulnerabilities in Zengge company WiFi LED lamps. Shenzhen levy Aurora Mega science and technology (ZENGGE) is a company engaged in LED controller product development, manufacturing, sales and engineering design,...

AI score 0.1
Exploits: 0

n0where
added 2015/08/28 12:52 p.m., 34 views

Hackable HTTP proxy: Toxy

toxy is a fully programmatic and hackable HTTP proxy to simulate server failure scenarios and unexpected network conditions. It was mainly designed for fuzzing/evil testing purposes, when toxy becomes particularly useful to cover fault tolerance and resiliency capabilities of a system, especially ...

Exploits: 0 | References: 8

CentOS
added 2015/08/25 4:8 p.m., 79 views

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

CentOS Errata and Security Advisory CESA-2015:1667. Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which...

CVSS 5 | AI score 6.7 | EPSS 0.73327
Exploits: 0 | References: 7

Atlassian
added 2015/08/05 2:47 a.m., 21 views

Use integrated Windows Auth for Proxy Authentication

Hi, I'm looking to secure access to the internet via an authenticated proxy and would like to avoid username passwords within init strings. https://confluence.atlassian.com/display/JIRAKB/How+to+Configure+an+Outbound+HTTP+and+HTTPS+Proxy+for+JIRA describes a scenario where this may be possible,...

AI score 0.4
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2015/08/04 12:0 a.m., 43 views

Scientific Linux Security Update : curl on SL6.x i386/x86_64 (20150722)

It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issu...

CVSS 5 | AI score 7.2 | EPSS 0.17942
Exploits: 0 | References: 6

Kitploit
added 2015/07/08 3:36 p.m., 78 views

Babun - A Windows shell you will love!

Would you like to use a Linux-like console on a Windows host without a lot of fuss? Try out babun! Installation: Just download the dist file from http://babun.github.io, unzip it and run the install.bat script. After a few minutes babun starts automatically. The application will be installed to th...

AI score 7.2
Exploits: 0 | References: 2

Fedora
added 2015/07/03 6:37 p.m., 20 views

[SECURITY] Fedora 22 Update: trafficserver-5.3.0-1.fc22

Apache Traffic Server is a fast, scalable and extensible HTTP/1.1 compliant caching proxy server...

CVSS 10 | AI score 6.5 | EPSS 0.04546
Exploits: 0

Kitploit
added 2015/07/02 8:32 p.m., 26 views

Nikto2 - Web Server Scanner

Nikto is an Open Source GPL web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks...

AI score 8.6
Exploits: 0 | References: 1

WPVulnDB
added 2015/06/18 12:0 a.m., 12 views

Ultimate Member 1.2.98-1.2.994 - Reflected Cross-Site Scripting (XSS)

The Ultimate Member plugin utilizes the Redux Framework. The Redux Framework includes a script named ‘class.p.php’, which acts as an HTTP proxy. Utilizing this script, it is possible to trigger a Reflected XSS attack, by loading data from a location controlled by the attacker. The data from this...

AI score 6
Exploits: 0 | References: 1 | Affected Software: 1

Kitploit
added 2015/06/04 10:59 p.m., 63 views

I2P - The Invisible Internet Project

I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. The network itself is strictly message based a la IP, but there is a library available to allow reliable streaming communication on top of it a la TCP. All...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2015/05/21 12:0 a.m., 13 views

HTTP Proxy Detection

Binary data 8772.prm...

AI score 7.3
Exploits: 0

OSV
added 2015/04/29 8:0 a.m., 6 views

CURL-CVE-2015-3153 sensitive HTTP server headers also sent to proxies

libcurl provides applications a way to set custom HTTP headers to be sent to the server by using CURLOPT_HTTPHEADER. A similar option is available for the curl command-line tool with the '--header' option. When the connection passes through an HTTP proxy the same set of headers is sent to the prox...

CVSS 5 | AI score 9.3 | EPSS 0.07538
Exploits: 0

Tenable Nessus
added 2015/04/07 12:0 a.m., 12 views

VPN Tunnel Detection via HTTP CONNECT

Binary data 3177.prm...

AI score 7.3
Exploits: 0

Kitploit
added 2015/04/04 11:6 p.m., 22 views

Commix - Automated All-in-One OS Command Injection and Exploitation Tool

Commix (short for command injection exploiter) has a simple environment and it can be used by web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, ...

AI score 8.4
Exploits: 0 | References: 1

Tenable Nessus
added 2015/03/30 12:0 a.m., 32 views

Mandriva Linux Security Advisory : curl (MDVSA-2015:098)

Updated curl packages fix security vulnerabilities : Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user CVE-2014-0015...

CVSS 6.4 | AI score 6.7 | EPSS 0.07432
Exploits: 1 | References: 11

Tenable Nessus
added 2015/03/26 12:0 a.m., 36 views

Debian DLA-134-1 : curl security update

Andrey Labunets of Facebook discovered that cURL, an URL transfer library, fails to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to do additional requests in...

CVSS 4.3 | AI score 7.5 | EPSS 0.0681
Exploits: 0 | References: 3

Tenable Nessus
added 2015/03/26 12:0 a.m., 26 views

Debian DLA-142-1 : privoxy security update

Several vulnerabilities have been fixed in privoxy, a privacy enhancing HTTP proxy: CVE-2015-1031, CID66394: unmap: Prevent use-after-free if the map only consists of one item. CVE-2015-1031, CID66376 and CID66391: pcrs_execute: Consistently set result to NULL in case of errors. Should make...

CVSS 7.5 | AI score 7.2 | EPSS 0.02775
Exploits: 0 | References: 5

CNVD
added 2015/03/09 12:0 a.m., 2 views

Google Chrome cookie injection attack vulnerability

Google Chrome is a popular web browser. A security vulnerability exists in the Google Chrome net/http/proxy_client_socket.cc file due to failure to properly handle the 407 (aka Proxy Authentication Required) HTTP status code that appears in the Set-Cookie header. A remote attacker can exploit this...

CVSS 5 | AI score 7.5 | EPSS 0.00949
Exploits: 0 | References: 1

OSV
added 2015/03/08 12:0 a.m., 2 views

UBUNTU-CVE-2015-1229

net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...

CVSS 5 | AI score 7.4 | EPSS 0.00949
Exploits: 0 | References: 6

Tenable Nessus
added 2015/02/13 12:0 a.m., 45 views

Amazon Linux AMI : curl (ALAS-2015-477)

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. CVE-2014-3707 CR...

CVSS 4.3 | AI score 7.7 | EPSS 0.0681
Exploits: 0 | References: 3