[SECURITY] [DSA 3029-1] nginx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3029-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso September 20, 2014 http://www.debian.org/security/faq -...
DSA-3029-1 nginx - security update
Bulletin has no description...
DLA-55-1 nginx - security update
Bulletin has no description...
nginx < 1.6.1 / 1.7.4 SMTP STARTTLS Command Injection
According to the self-reported version in the server response header, the version of nginx installed on the remote host is 1.5.6 or higher, 1.6.x prior to 1.6.1, or 1.7.x prior to 1.7.4. It is, therefore, affected by a command injection vulnerability. A flaw exists in the function...
FreeBSD : nginx -- inject commands into SSL session vulnerability (ad747a01-1fee-11e4-8ff1-f0def16c5c1b)
"The nginx project reports : Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy CVE-2014-3556 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright...
Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support
No description provided by source. / CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted...
Heartbleed OpenSSL - Information Leak Exploit (1)
No description provided by source. / CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted...
APPLE-SA-2014-04-22-2 iOS 7.1.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-2 iOS 7.1.1 iOS 7.1.1 is now available and addresses the following: CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch 5th generation and later, iPad 2 and later Impact: An attacker in a privileged network positio...
Heartbleed OpenSSL Information Leak Proof Of Concept
/ CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted...
OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (2) (DTLS Support)
/ CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted...
OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (1)
/ CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted...
Design/Logic Flaw
The SSL VPN implementation in Cisco IOS 15.31T2 and earlier allows remote authenticated users to cause a denial of service interface queue wedge via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568...
Design/Logic Flaw
FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the...
CVE-2013-4669
FortiClient and FortiClient Lite proceed with an SSL session after determining that the server’s X.509 certificate is invalid, enabling MITM attackers to obtain sensitive information during password transmission. Affected versions include FortiClient on Windows (<4.3.5.472), Mac OS X (<4.0....
CVE-2013-2770
The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server OES on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate...
OpenSSL < 0.9.2b Session Reuse
According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.2b. A remote attacker could reuse an SSL session under a different context and bypass access control mechanisms based on client certificates. C Tenable Network Security, Inc. include"compat.inc"; i...
Firefox Java update ready to stop BEAST attacks
Firefox Java update ready to stop BEAST attacks Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework. Johnath, the...
Code injection
Cisco Unified Communications Manager aka CUCM, formerly CallManager 6.x, 7.x before 7.15bsu4, 8.0, and 8.5 before 8.51su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session,...
CVE-2011-1643
Cisco Unified Communications Manager aka CUCM, formerly CallManager 6.x, 7.x before 7.15bsu4, 8.0, and 8.5 before 8.51su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session,...
CVE-2011-1643
CVE-2011-1643 affects Cisco Unified Communications Manager (CUCM) and Cisco Unified Presence Server. Affected CUCM versions: 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2; Presence Server: 6.x, 7.x, 8.0, and 8.5 before 8.5xnr. Root cause: an open query interface could disclose databas...