Lucene search

60 matches found

Cvelist
added 2022/02/20 5:52 p.m. | 11 views

CVE-2021-45081

An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS...

AI score: 6 | EPSS: 0.00217
Exploits: 0 | References: 3

Prion
added 2021/05/11 1:15 p.m. | 13 views

Design/Logic Flaw

In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS...

CVSS: 5 | AI score: 7.6 | EPSS: 0.00002
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2021/02/19 12:00 a.m. | 14 views

Fedora 33 : kiwix-desktop (2021-aa347d2b99)

The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-aa347d2b99 advisory. - Always use HTTPS for the catalog downloads. FEDORA-2021-aa347d2b99 Note that Nessus has not tested for this issue but has instead relied only on the...

AI score: 5.6
Exploits: 0 | References: 1

OSV
added 2020/12/31 3:15 a.m. | 3 views

CVE-2018-14067

Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces including the external Internet by default. NOTE: this may overlap CVE-2017-9980...

CVSS: 9.8 | AI score: 5.8
Exploits: 0 | References: 1

OSV
added 2020/07/31 5:39 p.m. | 22 views

GHSA-3Q49-H8F9-9FR9 Missing TLS certificate verification

Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by...

CVSS: 8 | AI score: 8.4 | EPSS: 0.00122
Exploits: 1 | References: 14

Veracode
added 2020/01/24 12:24 a.m. | 32 views

Denial Of Service (DoS)

Undertow is vulnerable to denial of service (DoS). The vulnerability exists when the Undertow HTTP server is listening on HTTPS...

CVSS: 7.5 | AI score: 0.4 | EPSS: 0.00242
Exploits: 0 | References: 26 | Affected Software: 24

OSV
added 2020/01/23 5:15 p.m. | 3 views

DEBIAN-CVE-2019-14888

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00242
Exploits: 0 | References: 1

Positive Technologies
added 2020/01/14 12:00 a.m. | 2 views

PT-2020-1415

Name of the Vulnerable Software and Affected Versions: Java SE versions 11.0.5 and 13.0.1. Description: The issue is related to a vulnerability in the Java Secure Socket Extension (JSSE) component of Oracle Java SE, which is difficult to exploit and allows an unauthenticated attacker with network acce...

CVSS: 5.8 | AI score: 6.9 | EPSS: 0.02147
Exploits: 0 | References: 144

Hacker One
added 2019/04/17 7:20 p.m. | 34 views

Node.js third-party modules: [https-proxy-agent] Socket returned without TLS upgrade on non-200 CONNECT response, allowing request data to be sent over unencrypted connection

I would like to report a man-in-the-middle vulnerability in https-proxy-agent. It allows an attacker with access to the network firewall or targeted proxy server to obtain secrets e.g. a HTTP basic auth header from the client trying to send HTTPS traffic via HTTP proxy. Module module name:...

AI score: 7.2
Exploits: 0

Hacker One
added 2016/11/09 11:10 p.m. | 16 views

Paragon Initiative Enterprises: Incorrect detection of onion URLs

Several places have incorrect code to detect if URL point to .onion domain tor hidden server: The following regexes: 1. ^https://^/:+.onion:?:0-9+ 2. ^https?://^/+.onion which is used in: https://github.com/paragonie/airship/blob/0e9289553cdc538556d362faaee63be6cc534a0c/src/Engine/Hail.phpL223...

Exploits: 0

Openbugbounty
added 2016/05/23 9:42 a.m. | 11 views

khondab.locopoc.com XSS vulnerability

Vulnerable URL: http://khondab.locopoc.com/q-0x524D-'-alertOPENBUGBOUNTY-' Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...

AI score: 6.3
Exploits: 0

Prion
added 2016/05/15 1:59 a.m. | 9 views

Design/Logic Flaw

IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network...

CVSS: 5 | AI score: 6.5 | EPSS: 0.00267
Exploits: 0 | References: 2 | Affected Software: 2

Cvelist
added 2014/11/04 6:00 p.m. | 12 views

CVE-2014-6130

The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS...

AI score: 5.9 | EPSS: 0.02653
Exploits: 0 | References: 4

Prion
added 2014/03/24 2:20 p.m. | 12 views

Design/Logic Flaw

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.01597
Exploits: 1 | References: 3 | Affected Software: 1

RedHat Linux
added 2013/10/23 4:26 p.m. | 1 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.03832
Exploits: 4 | References: 4

Tenable Nessus
added 2012/03/02 12:00 a.m. | 10 views

Ubuntu 11.10 : ubuntuone-couch vulnerability (USN-1381-1)

It was discovered that Ubuntu One Couch did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information. Note that Tenable Network...

AI score: 5.5
Exploits: 0 | References: 1

OSV
added 2008/10/30 8:56 p.m. | 9 views

CVE-2008-4796

The httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs...

AI score: 9.9
Exploits: 0 | References: 17

seebug.org
added 2005/04/25 12:00 a.m. | 19 views

MailEnable Enterprise & Professional https Remote BoF Exploit

No description provided by source. !/usr/bin/perl This tools and to consider only himself to educational purpose -=MailEnable Enterprise & Professional HTTPS remote BoF exploit=- -= =- -= Discovered & Coded by CorryL info:www.x0n3-h4ck.org=- -= irc.xoned.net x0n3-h4ck corryl80atgmail.com=-...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2004/08/20 12:00 a.m. | 13 views

Mozilla Browser HTTP/HTTPS Redirection Weakness (deprecated)

Binary data 1319.prm...

AI score: 7.3
Exploits: 0

NVD
added 2000/10/20 4:00 a.m. | 13 views

CVE-2000-0740

Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port...

CVSS: 5 | AI score: 7.8 | EPSS: 0.0856
Exploits: 1 | References: 5