Lucene search

1149 matches found

Node JS Blog
added 2013/10/22 12:0 a.m. | 41 views

DoS Vulnerability (fixed in Node v0.8.26 and v0.10.21)

Node.js is vulnerable to a denial of service attack when a client sends many pipelined HTTP requests on a single connection, and the client does not read the responses from the connection. We recommend that anyone using Node.js v0.8 or v0.10 to...

CVSS: 5 | AI score: 7.5 | EPSS: 0.3722
Exploits: 3

Tenable Nessus
added 2013/09/17 12:0 a.m. | 23 views

Multiple Vulnerabilities in Cisco Firewall Services Module Software (cisco-sa-20130410-fwsm)

The remote Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers may be affected by the following vulnerabilities: - A flaw in the FWSM software could allow remote attackers to cause a denial of service (DoS) condition via a crafted IKEv1 message...

CVSS: 7.8 | AI score: 5.5 | EPSS: 0.01333
Exploits: 0 | References: 3

Tenable Nessus
added 2013/08/22 12:0 a.m. | 120 views

Blue Coat ICAP Patience Page XSS

The remote host is running a version of Blue Coat ProxySG that suffers from an XSS issue. An attacker can exploit this issue by sending a malicious link that will redirect the user to the ICAP 'Patience' page which will echo the link back, unfiltered. %NASLMINLEVEL 70300 C Tenable Network Security...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.01528
Exploits: 0 | References: 2

Fedora
added 2013/07/23 1:2 a.m. | 19 views

[SECURITY] Fedora 18 Update: nodejs-tunnel-agent-0.3.0-1.fc18

HTTP proxy tunneling agent...

CVSS: 3.3 | AI score: 0.4 | EPSS: 0.00372
Exploits: 0

NVD
added 2013/07/20 3:37 a.m. | 29 views

CVE-2013-2070

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a simila...

CVSS: 5.8 | AI score: 6.2 | EPSS: 0.11925
Exploits: 3 | References: 11

seebug.org
added 2013/05/17 12:0 a.m. | 96 views

nginx 'ngx_http_parse.c' stack buffer overflow vulnerability

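BUGTRAQ ID: 59699 CVE(CAN) ID: CVE-2013-2028 nginx is an HTTP and reverse proxy server that is also used as a mail proxy server. In nginx 1.3.9 - 1.4.0, an error in the "ngx_http_parse_chunked" function in http/ngx_http_parse.c when parsing HTTP chunks can be exploited to cause a stack buffer overflow. 0 Nginx 1.3.9 - 1.4.0 Temporary workaround: We recommend upgrading to nginx 1.4.1 or 1.5.0. If you cannot install the patch or upgrade immediately, you can take the following measure to reduce the threat: use the following configuration in each server block: if $httptransferencodi...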

CVSS: 7.5 | AI score: 2.1 | EPSS: 0.87475
Exploits: 15

Amazon
added 2013/05/14 12:0 a.m. | 58 views

Medium: nginx

Issue Overview: http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.87475
Exploits: 18

Kitploit
added 2013/01/09 1:30 p.m. | 31 views

[Watcher v1.5.6] Web Security Testing Tool and Passive Vulnerability Scanner

Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...

AI score: 7.2
Exploits: 0

seebug.org
added 2013/01/05 12:0 a.m. | 68 views

nginx man-in-the-middle attack vulnerability (CVE-2011-4968)

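Bugtraq ID: 57139 CVE ID: CVE-2011-4968 nginx is a high-performance web server in very wide use; it is not only frequently used as a reverse proxy but also supports running PHP very well. The HTTP proxy module included in nginx allows communication with the origin server over https, but does not correctly verify the origin server's identity, allowing an attacker to carry out a man-in-the-middle attack between the proxy and the origin server. 0 Igor Sysoev nginx 0.8.40 Igor Sysoev nginx 0.8.36 Igor Sysoev nginx 0.8.35 Igor Sysoev nginx 0.8.33 Igor Sysoev nginx 0.7.66 Igor...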

AI score: 5.7 | EPSS: 0.03989
Exploits: 1

OpenVAS
added 2012/10/29 12:0 a.m. | 26 views

Debian Security Advisory DSA 2564-1 (tinyproxy)

The remote host is missing an update to tinyproxy announced via advisory DSA 2564-1. OpenVAS Vulnerability Test $Id: deb25641.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2564-1 (tinyproxy) Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...

CVSS: 5 | AI score: 9.5 | EPSS: 0.07349
Exploits: 0

Tenable Nessus
added 2012/10/24 12:0 a.m. | 32 views

Debian DSA-2564-1 : tinyproxy - denial of service

gpernot discovered that Tinyproxy, an HTTP proxy, is vulnerable to a denial of service by remote attackers by sending crafted request headers. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...

CVSS: 5 | AI score: 5.6 | EPSS: 0.07349
Exploits: 0 | References: 4

Debian
added 2012/10/23 5:17 p.m. | 22 views

[SECURITY] [DSA 2564-1] tinyproxy security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2564-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 23, 2012 http://www.debian.org/security/faq -...

CVSS: 5 | AI score: 6 | EPSS: 0.07349
Exploits: 0

OSV
added 2012/10/23 12:0 a.m. | 23 views

DSA-2564-1 tinyproxy - denial of service

Bulletin has no description...

CVSS: 5 | AI score: 9.4 | EPSS: 0.07349
Exploits: 0

Tenable Nessus
added 2012/08/01 12:0 a.m. | 38 views

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user...

CVSS: 10 | AI score: 8.2 | EPSS: 0.06277
Exploits: 0 | References: 8

Tenable Nessus
added 2012/08/01 12:0 a.m. | 45 views

Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64 (20120131)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicio...

CVSS: 10 | AI score: 8.5 | EPSS: 0.36511
Exploits: 11 | References: 6

Tenable Nessus
added 2012/08/01 12:0 a.m. | 45 views

Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user...

CVSS: 10 | AI score: 8.2 | EPSS: 0.06277
Exploits: 0 | References: 8

OpenVAS
added 2012/07/30 12:0 a.m. | 35 views

CentOS Update for firefox CESA-2012:0079 centos4

Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2012:0079 centos4 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

CVSS: 10 | AI score: 0.4 | EPSS: 0.36511
Exploits: 11 | References: 2

Metasploit
added 2012/06/19 1:57 p.m. | 35 views

Windows Gather TortoiseSVN Saved Password Extraction

This module extracts and decrypts saved TortoiseSVN passwords. In order for decryption to be successful this module must be executed under the same privileges as the user which originally encrypted the password. This module requires Metasploit: https://metasploit.com/download Current source:...

AI score: 7
Exploits: 0

NVD
added 2012/06/15 7:55 p.m. | 21 views

CVE-2012-2632

SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are enabled, do not properly handle the CONNECT command, which allows remote attackers to bypass intende...

CVSS: 2.6 | AI score: 6.8 | EPSS: 0.01211
Exploits: 0 | References: 3

Prion
added 2012/06/15 7:55 p.m. | 12 views

Design/Logic Flaw

SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are enabled, do not properly handle the CONNECT command, which allows remote attackers to bypass intende...

CVSS: 2.6 | AI score: 7.3 | EPSS: 0.01211
Exploits: 0 | References: 3 | Affected Software: 5