7649 matches found
Open redirect
Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312...
CVE-2010-3312
CVE-2010-3312 affects Epiphany (2.28/2.29) when using WebKit and LibSoup, where the UI unconditionally shows a closed-lock icon for any https URL, potentially enabling MITM via a crafted X.509 certificate. Related advisories mention Midori pre-0.2.5 and OpenSUSE/openSUSE libwebkit/WebKitGTK+ vers...
CVE-2010-3900
Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312...
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6657)
The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example, Apache's mod_ssl was vulnerable to this kind of...
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6655)
The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example, Apache's mod_ssl was vulnerable to this kind of...
Non-secure content warning in IE8 on the Dashboards screen caused by the wiki renderer
Wiki renderer-generated contents e.g. in the activity stream include references to icons with http prefix that cause IE8 to generate security warnings for JIRA instances accessible via HTTPS. To reproduce it, have contents in the activity stream gadget contain icons included by the wiki renderer,...
firefox, nspr, nss, xulrunner security update
CentOS Errata and Security Advisory CESA-2010:0681 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVS...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...
VPSProxy (PHP Secure proxy + GUI)
PHP Secure proxy is a program for tunneling HTTP/HTTPS traffic through a PHP gate. I was prompted to write it by bons's idea, whose implementation lacked the functionality I needed and, most importantly, a GUI. Features: + HTTPS support for PHP gates. + HTTPS traffic tunneling added in...
Unfixed XSS vulnerability at www.extrakredit.de
Security researcher Venom23 submitted on 09/04/2010 a cross-site scripting (XSS) vulnerability affecting www.extrakredit.de, which at the time of submission ranked 2068350 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/07/2010. It is...
Firefox 4 to Include HTTP Strict Transport Security Support
In an effort to help mitigate man-in-the-middle attacks that make normal HTTP connections look like secured HTTPS sessions, Mozilla is adding support in Firefox 4 for a new technology called HTTP Strict Transport Security that enables site operators to tell browsers to always request an HTTPS...
[SECURITY] Fedora 14 Update: openconnect-2.25-1.fc14
This package provides a client for Cisco's "AnyConnect" VPN, which uses HTTPS and DTLS protocols...
Fedora Update for openconnect FEDORA-2010-12253
Check for the Version of openconnect OpenVAS Vulnerability Test Fedora Update for openconnect FEDORA-2010-12253 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
Fedora Update for openconnect FEDORA-2010-12257
Check for the Version of openconnect OpenVAS Vulnerability Test Fedora Update for openconnect FEDORA-2010-12257 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
[SECURITY] Fedora 13 Update: openconnect-2.25-1.fc13
This package provides a client for Cisco's "AnyConnect" VPN, which uses HTTPS and DTLS protocols...
[SECURITY] Fedora 12 Update: openconnect-2.25-1.fc12
This package provides a client for Cisco's "AnyConnect" VPN, which uses HTTPS and DTLS protocols...
tomcat5 SSO cookie login information disclosure
The SingleSignOn Valve org.apache.catalina.authenticator.SingleSignOn in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...