1138 matches found
http-proxy-brute NSE Script
Performs brute force password guessing against HTTP proxy servers. Script Arguments: http-proxy-brute.url sets an alternative URL to use when brute forcing (default: ). http-proxy-brute.method changes the HTTP method to use when performing brute force guessing (default: HEAD). creds.service, creds.global...
Moderate: Red Hat Security Advisory: php53 and php security update
Updated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detail...
java security update
CentOS Errata and Security Advisory CESA-2011:0857 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring Syst...
RedHat Update for java-1.6.0-openjdk RHSA-2011:0857-01
Check for the Version of java-1.6.0-openjdk. OpenVAS Vulnerability Test: RedHat Update for java-1.6.0-openjdk RHSA-2011:0857-01. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Important: Red Hat Security Advisory: java-1.6.0-openjdk security update
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
Critical: Red Hat Security Advisory: java-1.6.0-openjdk security update
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
Nmap NSE net: http-open-proxy
Checks if an HTTP proxy is open. The script attempts to connect to www.google.com through the proxy and checks for a valid HTTP response code. Valid HTTP response codes are 200, 301, and 302. If the target is an open proxy, this script causes the target to retrieve a web page from www.google.com...
FreeBSD Ports: tinyproxy
The remote host is missing an update to the system as announced in the referenced advisory. VID b9281fb9-61b2-11e0-b1ce-0019d1a7ece2. OpenVAS Vulnerability Test. Description: Auto generated from VID b9281fb9-61b2-11e0-b1ce-0019d1a7ece2. Authors: Thomas Reinke. Copyright: Copyright (c) 2011 E-Soft Inc...
Design/Logic Flaw
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server...
CVE-2011-1499
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server...
CVE-2011-1499
Affected software: Tinyproxy (before 1.8.3). Root cause: ACL configuration with CIDR in acl.c permits TCP connections from any IP, effectively making the proxy open. Impact: potential anonymization of traffic as the proxy can be used to hide origin. Remediation: upgrade to Tinyproxy 1.8.3 or appl...
CVE-2010-2787
api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim...
Design/Logic Flaw
api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim...
CVE-2010-2787
CVE-2010-2787 affects MediaWiki up to version 1.15.4 (public caching headers used for private data). Remote attackers could bypass access controls by retrieving documents from a shared HTTP proxy cache previously used by a victim. Impact: partial disclosure of sensitive data. Mitigation: upgrade ...
Design/Logic Flaw
Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper...