78 matches found
SUSE SLED12 Security Update : python-tornado (SUSE-SU-2016:1195-1)
The python-tornado module was updated to version 4.2.1, which brings several fixes, enhancements and new features. The following security issues have been fixed : - A path traversal vulnerability in StaticFileHandler, in which files whose names started with the staticpath directory but were not...
Pinball Pro - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Pinball Pro published at the 'play' market has multiple vulnerabilities...
Angry Shark 2016 - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Angry Shark 2016 published at the 'play' market has multiple vulnerabilities...
TS Nearby - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application TS Nearby published at the 'play' market has multiple vulnerabilities...
- Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application published at the 'play' market has multiple vulnerabilities...
Firmwalker - Script for searching the extracted firmware file system for goodies!
A simple bash script for searching the extracted or mounted firmware file system. It will search through the extracted or mounted firmware file system for things of interest such as: etc/shadow and etc/passwd list out the etc/ssl directory search for SSL related files such as .pem, .crt, etc...
Legal Robot: SSL Issue on legalrobot.com
Security researcher discovered an SSL configuration issue on some mobile devices...
SUSE-SU-2015:1776-1 Security update for haproxy
haxproy was updated to backport various security fixes and related patches bsc937202 bsc937042 CVE-2015-3281 + BUG/MAJOR: buffers: make the bufferslowrealign function respect output data + BUG/MINOR: ssl: fix smpfetchsslfcsessionid + MEDIUM: ssl: replace standards DH groups with custom ones +...
ownCloud: *.owncloud.com / *.owncloud.org: Using not strong enough SSL ciphers
We have received multiple reports that some of our domains on .owncloud.com and .owncloud.org are not using a recommended configuration for HTTPS purposes. To avoid having multiple issues to track SSL / TLS related problems on .owncloud.com and .owncloud.org we have merged multiple issues togethe...
KeyBox - A web-based SSH console that centrally manages administrative access to systems
KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. Administrators can login...
SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0469-1)
This Apache2 LTSS roll-up update for SUSE Linux Enterprise 10 SP3 LTSS fixes the following security issues and bugs : - CVE-2012-4557: Denial of Service via special requests in modproxyajp - CVE-2012-0883: improper LDLIBRARYPATH handling - CVE-2012-2687: filename escaping problem - CVE-2012-0031:...
Burp Suite Professional v1.6 - The leading toolkit for web application security testing
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security...
CVE-2012-5770
The SSL configuration in IBM Tivoli Application Dependency Discovery Manager TADDM 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack...
Unable to use HTTPS for login only
If you setup the urlrewrite.xml like so: noformat ^/s/.//download/images/^?. /images/$2 ^/s/.//^?. /$2 ^/login.action https https://localhost:8443/login.action ^/dologin.action https https://localhost:8443/dologin.action ^/. https /login.action. /dologin.action. /s/. http://localhost:8080/$...
IBM WebSphere Application Server 6.1 < Fix Pack 21 Multiple Vulnerabilities
Binary data 4929.prm...
IBM WebSphere Application Server 6.1 < Fix Pack 21 Multiple Flaws
IBM WebSphere Application Server 6.1 before Fix Pack 21 appears to be running on the remote host. As such, it is reportedly affected by multiple flaws : - Provided Performance Monitoring Infrastructure PMI is enabled, it may be possible for a local attacker to obtain sensitive information through...
Moderate: Red Hat Security Advisory: redhat-ds-base and redhat-ds-admin security and bug fix update
Updated redhat-ds-base and redhat-ds-admin packages are now available that fix security issues and various bugs. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Red Hat Directory Server is an LDAPv3-compliant directory server. Multiple memory...
tomcat anonymous cipher issue
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts...