676 matches found
DSA-3522-1 squid3 - security update
Bulletin has no description...
Shopify: Stored XSS via "Free Shipping" option (Discounts)
POC steps: 1 Go to the customers page and add a new search group named as "img src=x onerror=prompt7 see img1.png 2 Go to the discounts page, create a new discount code and mark the "Free Shipping" option. 3 Open a web proxy i.e. tamper data and press the "save discount" button. 4 Through the web...
[SECURITY] Fedora 22 Update: privoxy-3.0.23-3.fc22
Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit...
[SECURITY] Fedora 23 Update: privoxy-3.0.23-3.fc23
Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit...
Debian DSA-3460-1 : privoxy - security update
It was discovered that privoxy, a web proxy with advanced filtering capabilities, contained invalid reads that could enable a remote attacker to crash the application, thus causing a Denial of Service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...
[SECURITY] [DSA 3460-1] privoxy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3460-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 30, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3460-1] privoxy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3460-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 30, 2016 https://www.debian.org/security/faq -...
DSA-3460-1 privoxy - security update
Bulletin has no description...
curl: URL request injection vulnerability in parseurlandfillconn()
It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct...
CVE-2004-2654
The clientAbortBody function in clientside.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service segmentation fault via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer...
IPFire < 2.17 - Core Update 93 Multiple Vulnerabilities
IPFire is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
[SECURITY] [DSA 3327-1] squid3 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3327-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 03, 2015 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3327-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle iPlanet Web Proxy Server 4.0.x < 4.0.26 NSS Signature Handling Remote Code Injection
According to its self-reported version, the Oracle iPlanet Web Proxy Server formerly known as Sun Java System Web Proxy Server installed on the remote host is version 4.0.x prior to 4.0.26. It is, therefore, affected by a flaw in the definitelengthdecoder function in the Network Security Services...
curl: URL request injection vulnerability in parseurlandfillconn()
It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct...
Oracle iPlanet Web Proxy Server 4.0 < 4.0.25 NSS Signature Verification Vulnerability
According to its self-reported version, the Oracle iPlanet Web Proxy Server installed on the remote host is version 4.0 prior to 4.0.25. It is, therefore, affected by a flaw in the Network Security Services NSS library due to improper parsing of ASN.1 values in an RSA signature. A man-in-the-midd...
USN-2521-1: Oxide vulnerabilities
Several out-of-bounds write bugs were discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program...
[SECURITY] Fedora 20 Update: privoxy-3.0.23-1.fc20
Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit...
[SECURITY] Fedora 21 Update: privoxy-3.0.23-1.fc21
Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit...
Microsoft Remote Desktop Services - Web Proxy IE Sandbox Escape (MS15-004) (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape', 'Description' = %q This module abuses a process creation...