firefox: same-origin policy bypass

Jason Pang of OneSignal reported that service workers intercept responses to plugin network requests made through the browser. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests...

DLA-413-1 gajim - security update

Bulletin has no description...

New Relic: Basic Authorization over HTTP

Hi New Relic Team, While reviewing your host http://newrelic.com/ it was discovered that you are basic authorization over http , which is not a good practice If an attacker can intercept traffic on the network, he/she might be able to steal the user's credentials. Request:- GET /styleguide-layout...

TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...

Gajim Message Interception Vulnerability

Gajim is a suite of free instant messaging software based on the Jabber communication protocol developed by the Gajim project. A security vulnerability exists in versions of Gajim prior to 0.16.5, which can be exploited by remote attackers to modify the roster and intercept messages with the help...

openSUSE Security Update : gajim (openSUSE-2016-29)

This update to gajim 0.16.5 fixes the following security issues : - CVE-2015-8688: Message interception due to unverified origin of roster push - Improve security on connexion and for roster managment boo960668 The following on-security improvements were added : - Improve MAM implementation. -...

Shoplat App for iOS issue in the verification of SSL certificates

Overview Shoplat App for iOS provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. ma.la reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A connection to a server using a...

JVN#47951769: Shoplat App for iOS issue in the verification of SSL certificates

Shoplat App for iOS provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. Impact A connection to a server using an invalid SSL server certificate can be estabilished without a warning. As a result, the user may not notice that a remote attacker is interceptin...

CVE-2015-8688

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...

DEBIAN-CVE-2015-8688

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...

CVE-2015-8688

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...

UBUNTU-CVE-2015-8688

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...

CVE-2015-8688

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...

CVE-2015-8688

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...

CVE-2015-8688

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...

CVE-2015-8688

CVE-2015-8688 affects Gajim prior to 0.16.5. The root cause is failure to verify the origin of roster-push IQ stanzas, allowing an attacker to spoof roster updates and intercept messages. Public advisories and vendor releases indicate upgrading to Gajim 0.16.5 (or respective patched package versi...

KLA10742 Security bypass vulnerability in Gajim

An unspecified vulnerability was found in Gajim. By exploiting this vulnerability malicious users can modify roster and intercept messages. This vulnerability can be exploited remotely via a specially designed roster-push IQ stanza. Original advisories - Related products Gajim CVE list...

Siemens Industrial Products DROWN Vulnerability (Update C)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-103-03B Siemens Industrial Products DROWN Vulnerability that was published June 15, 2017, on the NCCIC/ICS-CERT web site. Siemens has found that a DROWNThe DROWN Attack, https://drownattack.com/, web site last...

SSH Authentication Backdoor Vulnerability in Fortigate Firewalls

FortiGate Fita Firewall is a network firewall product from Fortinet Fita for defense against attacks such as network and malicious code at the network and content layers. Fortigate Firewall has an SSH authentication backdoor vulnerability. FortiGate firewall FortimanagerAccess user's password is...

'Ridiculous' Bug in Popular Antivirus Allows Hackers to Steal all Your Passwords

If you have installed Trend Micro's Antivirus on your Windows computer, then Beware. Your computer can be remotely hijacked, or infected with any malware by even through a website – Thanks to a critical vulnerability in Trend Micro Security Software. The Popular antivirus maker and security firm...