6237 matches found
Command injection
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...
CVE-2014-3556
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...
CVE-2014-3556
The CVE-2014-3556 entry affects nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4. The STARTTLS implementation in mail/ngx_mail_smtp_handler.c allows an MITM to inject commands into encrypted SMTP sessions by sending a cleartext command after TLS is established, due to insufficient I/O bu...
CVE-2014-3556
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...
Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass
Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit Vendor: Soitec Product web page: http://www.soitec.com Affected version: 1.4 and 1.3 Summary: Soitec power plants are a profitable and ecological investment at the same time. Using Concentrix technology, Soitec offers...
Soitec SmartEnergy 1.4 - SCADA Login SQL Injection Authentication Bypass
Soitec SmartEnergy 1.4 - SCADA Login SQL Injection Authentication Bypass Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit Vendor: Soitec Product web page: http://www.soitec.com Affected version: 1.4 and 1.3 Summary: Soitec power plants are a profitable and ecological...
Soitec SmartEnergy 1.4 - SCADA Login SQL Injection / Authentication Bypass
Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit Vendor: Soitec Product web page: http://www.soitec.com Affected version: 1.4 and 1.3 Summary: Soitec power plants are a profitable and ecological investment at the same time. Using Concentrix technology, Soitec offers...
DEBIAN-CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
Type confusion
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
CVE-2014-3616
CVE-2014-3616 affects nginx versions 0.5.6 through 1.7.4. The root cause is reuse of a shared SSL session cache or SSL session_ticket_key for multiple servers, allowing a remote attacker with sufficient privileges to perform a virtual host confusion by reusing a cached SSL session in an unrelated...
CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
CVE-2014-3616
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...
SSLv3 exposed 0Day vulnerabilities rising to provide solution-vulnerability warning-the black bar safety net
10 On 15 December, the well-known encryption protocol SSLv3 was revealed to have a high-risk vulnerability known as "POODLE", vulnerability number CVE-2014-3566, which can lead to data transmitted over the network being monitored by hackers, exposing users' sensitive information, online account and banking...
MGASA-2014-0427 Updated nginx packages fix CVE-2014-3616
Updated nginx package fixes security vulnerability: Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position...
Updated nginx packages fix CVE-2014-3616
Updated nginx package fixes security vulnerability: Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position...
How to fix POODLE SSLv3 security vulnerability (CVE-2014-3566)-vulnerability warning-the black bar safety net
POODLE = Padding Oracle On Downgraded Legacy Encryption. First of all, this is a belated naming, but the security issue is still terrible. The latest security vulnerability, CVE-2014-3566, is code-named POODLE, which is an abbreviation; does the title above have an actual meaning?...
SSL v3 Poodle security vulnerability fix recommendations-vulnerability warning-the black bar safety net
Using SSL to protect your website traffic involves far more than installing an SSL certificate on the server. Times keep changing: with the aging of browsers, the reduction of cipher strength, and attackers becoming more creative, the situation has undergone subtle changes. For early...
Google released SSLv3 vulnerability summary analysis report-vulnerability warning-the black bar safety net
This morning, Google released a brief analysis report on an SSLv3 vulnerability. According to Google's statement, the vulnerability runs through all versions of SSLv3; using the vulnerability, a hacker can, by man-in-the-middle attacks and similar means, as long as the hijacking of...