146 matches found
CVE-2017-2913
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this...
CVE-2017-2911
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate...
Design/Logic Flaw
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate...
CVE-2017-2912
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificat...
Design/Logic Flaw
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this...
CVE-2017-2912
CVE-2017-2912 affects Circle with Disney firmware 2.0.1 via the goclient SSL validation in the remote-control feature. The vulnerability arises because SSL certificate checking is insufficient: certificates for specific domains can cause goclient to accept an unintended certificate, enabling a MI...
CVE-2017-2912
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificat...
CVE-2017-2913
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this...
CVE-2017-2911
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate...
Downloads Resources over HTTP
Overview Affected versions of macaca-chromedriver-zxa insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in cod...
OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838)
A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...
CVE-2016-5597
A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...
Number of Devices Sharing Private Crypto Keys Up Sharply
Researchers at SEC Consult say the number of internet gateways, routers, modems and other embedded devices sharing cryptographic keys and certificates is up 40 percent since the Austrian consulting firm first looked at the problem in November. The report, posted Tuesday called “House of Keys,”...
Tianrongxin TopSec Firewall Cookie Stack Buffer Overflow Vulnerability
TopSec is a firewall appliance from Skyrunner. A stack buffer overflow vulnerability exists in the HTTPS server of the Skyrun Firewall when processing the authid parameter in a cookie, where the return address is overwritten when the length of the parameter exceeds 60 bytes. An attacker exploited...
CVE-2016-5774
CVE-2016-5774 affects Blue Coat PacketShaper S-Series: the HTTPS server in 11.5.x before 11.5.3.2 uses insecure cryptographic parameters, enabling a remote attacker to obtain credentials and other sensitive information via management interfaces. Affected product: PacketShaper S-Series 11.5.x (bef...
CVE-2013-6926
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a 1 guest or 2 operator account...
Design/Logic Flaw
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a 1 guest or 2 operator account...
CVE-2013-6926
The CVE concerns Siemens RuggedCom ROS prior to v3.12.2, where the integrated HTTPS server on port 443/TCP could allow remote authenticated attackers to bypass restrictions and perform limited administrative actions by using a guest or operator account. The vulnerability stems from an authenticat...
CVE-2013-6925
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value...
Cisco IronPort PostX < 6.2.9.1 Multiple Vulnerabilities
The version of Cisco IronPort PostX on the remote device is a version prior to 6.2.9.1. As such, it is affected by multiple vulnerabilities : - An unspecified vulnerability in the administrative interface in the embedded HTTPS server allows remote attackers to read arbitrary files via unknown...