675 matches found
OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...
OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...
New HTTPS URL Leakage Attack Leaves PCs, Macs, Linux Systems Vulnerable
LAS VEGAS ā Researchers have found flaws in the Web Proxy AutoDiscovery protocol tied to DHCP and DNS servers that allow hackers spy on HTTPS-protected URLs and launch a myriad of different malicious attacks against Linux, Windows or Mac computers. According to the security firm SafeBreach, this...
UBUNTU-CVE-2016-5388
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...
Squid: Multiple vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Multiple vulnerabilities ha...
Vulnerability of the Windows operating system and the Internet Explorer browser, allowing attackers to increase their privileges
The vulnerability of the Web Proxy Auto Discovery protocol for the Windows operating system and the Internet Explorer browser is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely by using the NetBIOS name...
The vulnerability of the Windows operating system, which allows a hacker to redirect network traffic
The vulnerability of the Web Proxy Auto Discovery protocol in the Windows operating system is related to incorrect data processing. Exploiting this vulnerability allows a malicious actor to redirect network traffic remotely...
Cumulative Update for Windows 10 version 1511 and Windows Server 2016 Technical Preview 4: June 14, 2016
Cumulative Update for Windows 10 version 1511 and Windows Server 2016 Technical Preview 4: June 14, 2016 Summary This security update includes improvements and fixes in the functionality of Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4, and resolves the following...
Cumulative update for Windows 10: June 14, 2016
Cumulative update for Windows 10: June 14, 2016 Summary This security update includes improvements and fixes in the functionality of Windows 10. It also resolves the following vulnerabilities in Windows: 3163649 MS16-063: Cumulative security update for Internet Explorer: June 14, 2016 3163656...
CVE-2016-3236
The Web Proxy Auto Discovery WPAD protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to...
CVE-2016-3213
The Web Proxy Auto Discovery WPAD protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanis...
Privilege escalation
The Web Proxy Auto Discovery WPAD protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to...
Elevation of Privilege Vulnerability Found in Microsoft Windows WPAD Agent
Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows that stems from a program's inability to properly handle certain proxy discovery scenarios using the Web Proxy Autodiscovery WPAD...
Microsoft Windows WPAD Elevation of Privilege Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in the Web Proxy Autodiscovery WPAD protocol for Microsoft Windows. An attacker could exploit this vulnerability to bypass security checks and obtain...
PT-2016-2168
Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Description The issue is related to the Web Proxy Auto Discovery WPAD protocol implementation, which mishandles proxy discovery. This allows remote attackers to redirect network traffic via...
Web Proxy Settings '.pac' File Download Detection
Binary data 9272.prm...
Oracle iPlanet Web Proxy Server 4.0.x < 4.0.27 NSS ASN.1 Decoder RCE (April 2016 CPU)
According to its self-reported version, the Oracle iPlanet Web Proxy Server formerly known as Sun Java System Web Proxy Server installed on the remote host is version 4.0.x prior to 4.0.27. It is, therefore, affected by a heap buffer overflow condition in the ASN.1 decoder in the Network Security...
DIY Web Proxy: proxenet
proxenet is a multi-threaded proxy which allows you to manipulate your HTTP requests and responses using your favorite scripting language. No need to learn Java like for Burp or Python like for mitmproxy . proxenet supports heaps of languages and more can be added easily. proxenet is a C-based...
CA Single Sign-On Domino Web Proxy Denial of Service Vulnerability
CA Single Sign-On is a suite of software for secure access to Web applications via single sign-on from CA USA. A denial of service vulnerability exists in CA Single Sign-On's Domino Web proxy. A remote attacker could exploit this vulnerability by sending a specially crafted request to cause a...
DSA-3522-1 squid3 - security update
Bulletin has no description...