
7651 matches found

securityvulns
added 2011/07/04 12:0 a.m., 29 views

Novell File Reporter Engine buffer overflow

Buffer overflow on TCP/3035 HTTPs response parsing...

10 CVSS, 2.2 AI score, 0.28938 EPSS
Exploits: 0, References: 1
Packet Storm
added 2011/07/02 12:0 a.m., 25 views

SnoopServlet Cross Site Scripting

SnoopServlet simply echos back the request line and the headers that were sent by the client, plus any HTTPS information. Search Google for: j2ee/servlet/snoopservlet to find a lot of vuln sites. PoC:...

7.4 AI score
Exploits: 0
securityvulns
added 2011/06/28 12:0 a.m., 94 views

[USN-1158-1] curl vulnerabilities

Ubuntu Security Notice USN-1158-1, June 24, 2011: curl vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

7.5 CVSS, 0.7 AI score, 0.0733 EPSS
Exploits: 0
Zero Day Initiative
added 2011/06/27 12:0 a.m., 25 views

Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Engine. Authentication is not required to exploit this vulnerability. The specific flaw exists within NFREngine.exe which communicates with the Agent component over HTTPS on TC...

9.7 CVSS, 2.4 AI score, 0.28938 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2011/06/10 12:0 a.m., 24 views

Debian DSA-2246-1 : mahara - several vulnerabilities

Several vulnerabilities were discovered in Mahara, an electronic portfolio, weblog, and resume builder. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-1402 It was discovered that previous versions of Mahara did not check user credentials before...

6.8 CVSS, 5.1 AI score, 0.00837 EPSS
Exploits: 0, References: 13
Tenable Nessus
added 2011/06/09 12:0 a.m., 18 views

Fedora 14 : phpMyAdmin-3.4.1-1.fc14 (2011-7702)

Welcome to phpMyAdmin 3.4, presenting a new default theme. This release contains new features, especially : - User preferences - Relation schema export to multiple formats - ENUM/SET editor - Simplified interface for export/import - AJAXification of some parts - Charts - Visual query builder and...

6 AI score
Exploits: 0, References: 2
Debian
added 2011/05/29 11:48 a.m., 34 views

[SECURITY] [DSA 2246-1] mahara security update

Debian Security Advisory DSA-2246-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano May 29, 2011 http://www.debian.org/security/faq -...

6.8 CVSS, 0.8 AI score, 0.00837 EPSS
Exploits: 0
Debian
added 2011/05/29 11:48 a.m., 24 views

[SECURITY] [DSA 2246-1] mahara security update

Debian Security Advisory DSA-2246-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano May 29, 2011 http://www.debian.org/security/faq -...

6.8 CVSS, 6 AI score, 0.00837 EPSS
Exploits: 0
OSV
added 2011/05/29 12:0 a.m., 30 views

DSA-2246-1 mahara - several vulnerabilities

Bulletin has no description...

6.8 CVSS, 6 AI score, 0.00837 EPSS
Exploits: 0
seebug.org
added 2011/05/20 12:0 a.m., 35 views

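Perl libwww-perl (LWP) module SSL certificate validation security policy bypass vulnerability

BUGTRAQ ID: 47895 CVE ID: CVE-2011-0633 CPAN (Comprehensive Perl Archive Network), rendered in Chinese as "Perl comprehensive archive network" or "Perl program library", contains a very large amount of software written in Perl together with its documentation. The Perl libwww-perl LWP module has a security policy bypass vulnerability in SSL certificate validation; a remote attacker can use this vulnerability to carry out man-in-the-middle attacks or spoof trusted servers. The Net::HTTPS module in libwww-perl LWP before 6.00 (also used in other products, such as WWW::Mechanize,...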

4.3 CVSS, 6.4 AI score, 0.00137 EPSS
Exploits: 1
OpenVAS
added 2011/05/18 12:0 a.m., 17 views

IBM solidDB RPC Test Commands Denial of Service Vulnerabilities

This host is running IBM solidDB and is prone to multiple denial of service vulnerabilities. OpenVAS Vulnerability Test $Id: gbibmsoliddbrpctestsvcdosvuln.nasl 7015 2017-08-28 11:51:24Z teissa $ IBM solidDB RPC Test Commands Denial of Service Vulnerabilities Authors: Antu Sanadi Copyright:...

7.8 CVSS, 0.2 AI score, 0.01967 EPSS
Exploits: 0, References: 4
The Hacker News
added 2011/05/17 1:13 p.m., 7 views

Vulnerability in Google ClientLogin Protocol !

Vulnerability in Google ClientLogin Protocol ! A group of security and privacy researchers from the Institute of Media Informatics at Ulm University in Germany, is claiming to have discovered a serious security vulnerability in Google's ClientLogin protocol. In a recent analysis of the Android...

6.7 AI score
Exploits: 0
NVD
added 2011/05/13 10:55 p.m., 10 views

CVE-2011-0633

The Net::HTTPS module in libwww-perl LWP before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof...

4.3 CVSS, 6.2 AI score, 0.00137 EPSS
Exploits: 1, References: 3
NVD
added 2011/05/13 10:55 p.m., 16 views

CVE-2011-1406

Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login...

4.3 CVSS, 6.3 AI score, 0.00277 EPSS
Exploits: 0, References: 4
OSV
added 2011/05/13 10:55 p.m., 3 views

CVE-2011-0633

The Net::HTTPS module in libwww-perl LWP before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof...

6.2 AI score
Exploits: 0, References: 3
Prion
added 2011/05/13 10:55 p.m., 11 views

Design/Logic Flaw

The Net::HTTPS module in libwww-perl LWP before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof...

4.3 CVSS, 6.8 AI score, 0.00137 EPSS
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2011/05/13 10:0 p.m., 68 views

CVE-2011-0633

CVE-2011-0633 affects libwww-perl’s Net::HTTPS usage (prior to 6.00) as used by WWW::Mechanize and LWP::UserAgent. When environments do not set the If-SSL-Cert-Subject header, full SSL certificate validation is not enabled by default, enabling MITM-style spoofing via hostnames that are not proper...

4.3 CVSS, 6.3 AI score, 0.00137 EPSS
Exploits: 1, References: 3, Affected Software: 2
Cvelist
added 2011/05/13 10:0 p.m., 23 views

CVE-2011-0633

The Net::HTTPS module in libwww-perl LWP before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof...

6.2 AI score, 0.00137 EPSS
Exploits: 1, References: 3
CVE
added 2011/05/13 10:0 p.m., 63 views

CVE-2011-1406

CVE-2011-1406 affects Mahara prior to 1.3.6. If wwwroot is configured to HTTPS but the web server serves content over HTTP as well, users can log in via HTTP and credentials may be sniffed. Debian/OpenVAS advisories mirror this issue and recommend upgrading Mahara to the fixed version (1.3.6 or l...

4.3 CVSS, 6.4 AI score, 0.00277 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2011/05/13 10:0 p.m., 20 views

CVE-2011-1406

Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login...

6.2 AI score, 0.00277 EPSS
Exploits: 0, References: 4