1142 matches found
[Watcher v1.5.6] Web Security Testing Tool and Passive Vulnerability Scanner
Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...
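nginx Man-in-the-Middle Attack Vulnerability (CVE-2011-4968)
Bugtraq ID: 57139 CVE ID: CVE-2011-4968 nginx is a high-performance web server in very wide use; it is often used as a reverse proxy and also supports running PHP very well. The HTTP proxy module included in nginx allows communication with the origin server over HTTPS but does not properly verify the origin server's identity, allowing an attacker to carry out a man-in-the-middle attack between the proxy and the origin server. 0 Igor Sysoev nginx 0.8.40 Igor Sysoev nginx 0.8.36 Igor Sysoev nginx 0.8.35 Igor Sysoev nginx 0.8.33 Igor Sysoev nginx 0.7.66 Igor...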
Debian Security Advisory DSA 2564-1 (tinyproxy)
The remote host is missing an update to tinyproxy announced via advisory DSA 2564-1. OpenVAS Vulnerability Test $Id: deb25641.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2564-1 tinyproxy Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...
Debian DSA-2564-1 : tinyproxy - denial of service
gpernot discovered that Tinyproxy, a HTTP proxy, is vulnerable to a denial of service by remote attackers by sending crafted request headers. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
[SECURITY] [DSA 2564-1] tinyproxy security update
Debian Security Advisory DSA-2564-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 23, 2012 http://www.debian.org/security/faq -...
DSA-2564-1 tinyproxy - denial of service
Bulletin has no description...
Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64 (20120131)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicio...
Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user...
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user...
CentOS Update for firefox CESA-2012:0079 centos4
Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2012:0079 centos4 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
Windows Gather TortoiseSVN Saved Password Extraction
This module extracts and decrypts saved TortoiseSVN passwords. In order for decryption to be successful this module must be executed under the same privileges as the user which originally encrypted the password. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2012-2632
SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are enabled, do not properly handle the CONNECT command, which allows remote attackers to bypass intende...
Design/Logic Flaw
SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are enabled, do not properly handle the CONNECT command, which allows remote attackers to bypass intende...
CVE-2012-2632
CVE-2012-2632 affects SEIL routers with firmware SEIL/x86 1.00–2.35, SEIL/X1 2.30–3.75, SEIL/X2 2.30–3.75, and SEIL/B1 2.30–3.75. The vulnerability arises from improper handling of the CONNECT command when http-proxy and application-gateway features are enabled, allowing remote attackers to bypas...
CVE-2012-2632
SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are enabled, do not properly handle the CONNECT command, which allows remote attackers to bypass intende...
CVE-2012-0804
Heap-based buffer overflow in the proxyconnect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTTP response...
CVE-2012-0804
Heap-based buffer overflow in the proxyconnect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTTP response...
Lynx Message Server - Multiple Vulnerabilities
Lynx Message Server - Multiple Vulnerabilities 1. Summary The Micro Technology Services Inc. "Lynx Message Server 7.11.10.2" and/or "LynxTCPService version 1.1.62" web interface is vulnerable to SQL Injection, Cross-Site Scripting, and other security problems. 2. Description Lynx is a "Facility...
Lynx Message Server 7.11.10.2 Cross Site Scripting / SQL Injection
Summary The Micro Technology Services Inc. "Lynx Message Server 7.11.10.2" and/or "LynxTCPService version 1.1.62" web interface is vulnerable to SQL Injection, Cross-Site Scripting, and other security problems. 2. Description Lynx is a "Facility wide Duress and Emergency Notification" system...
cvs security update
CentOS Errata and Security Advisory CESA-2012:0321 Updated cvs packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...