
7648 matches found

Ubuntu
added 2010/07/23 8:48 a.m. | 100 views

USN-957-1: Firefox and Xulrunner vulnerabilities

Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212 A...

9.8 CVSS | 7.9 AI score | 0.14816 EPSS
Exploits 27

securityvulns
added 2010/07/06 12:0 a.m. | 55 views

Security Advisories from TEHTRI-Security at HITB Europe

Gents, TEHTRI-Security was invited to give a talk called "Web In The Middle, Attacking Clients", at the first Hack In The Box Europe, Amsterdam http://conference.hackinthebox.org/hitbsecconf2010ams/ . During our talk, we released multiple advisories and we explained many issues related to some...

6.8 CVSS | 9.6 AI score | 0.03299 EPSS
Exploits 0

Tenable Nessus
added 2010/07/01 12:0 a.m. | 37 views

Fedora 12 : squirrelmail-1.4.20-3.fc12 (2010-10244)

Tue Jun 22 2010 Michal Hlavinka - 1.4.20-3 - fix CVE-2010-1637 : mail fetch plugin's port-scans via non-standard POP3 server ports - Mon Jun 7 2010 Michal Hlavinka - 1.4.20-2 - add note to config file that https connections are forced by default - Mon Mar 8 2010 Michal Hlavinka - 1.4.20-1 -...

6.5 CVSS | 6.4 AI score | 0.00525 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2010/07/01 12:0 a.m. | 34 views

Fedora 13 : squirrelmail-1.4.20-3.fc13 (2010-10259)

Tue Jun 22 2010 Michal Hlavinka - 1.4.20-3 - fix CVE-2010-1637 : mail fetch plugin's port-scans via non-standard POP3 server ports - Mon Jun 7 2010 Michal Hlavinka - 1.4.20-2 - add note to config file that https connections are forced by default Note that Tenable Network Security has extracted...

6.5 CVSS | 6.4 AI score | 0.00525 EPSS
Exploits 0 | References 3

NVD
added 2010/06/29 6:30 p.m. | 13 views

CVE-2009-4912

Cisco Adaptive Security Appliances ASA 5580 series devices with software before 8.12 complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876...

10 CVSS | 6.8 AI score | 0.00301 EPSS
Exploits 0 | References 1

Packet Storm
added 2010/06/23 12:0 a.m. | 19 views

Sysax Multi Server 5.25 Denial Of Service

Title: Sysax Multi ServerSFTP module "open", "unlink", "mkdir", "scpget" Commands DoS Vulnerabilities Product: Sysax Multi Server Vendor: Codeorigin, LLC Version: 5.25 earlier versions may also be affected Platform: Windows Type of Vulnerability: Buffer overflow --DoS Risk rating: Medium Date of...

7.4 AI score
Exploits 0

securityvulns
added 2010/06/23 12:0 a.m. | 42 views

Sysax Multi Server "open", "unlink", "mkdir", "scp_get" Commands DoS Vulnerabilities

Title: Sysax Multi ServerSFTP module "open", "unlink", "mkdir", "scpget" Commands DoS Vulnerabilities Product: Sysax Multi Server Vendor: Codeorigin, LLC Version: 5.25 earlier versions may also be affected Platform: Windows Type of Vulnerability: Buffer overflow --DoS Risk rating: Medium Date of...

0.3 AI score
Exploits 0

0day.today
added 2010/06/21 12:0 a.m. | 18 views

Sysax Multi Server (SFTP module) Multiple Commands DoS Vulnerabilities

Exploit for windows platform in category dos / poc ====================================================================== Sysax Multi Server SFTP module Multiple Commands DoS Vulnerabilities ====================================================================== Title: Sysax Multi ServerSFTP modul...

7 AI score
Exploits 0

Exploit DB
added 2010/06/21 12:0 a.m. | 30 views

Sysax Multi Server < 5.25 (SFTP Module) - Multiple Denial of Service Vulnerabilities

Title: Sysax Multi ServerSFTP module "open", "unlink", "mkdir", "scpget" Commands DoS Vulnerabilities Product: Sysax Multi Server Vendor: Codeorigin, LLC Version: 5.25 earlier versions may also be affected Platform: Windows Type of Vulnerability: Buffer overflow --DoS Risk rating: Medium Date of...

7 AI score
Exploits 0

ThreatPost
added 2010/06/18 1:27 p.m. | 12 views

EFF and Tor Launch HTTPS Everywhere Firefox Extension

Two prominent privacy-rights organizations, the Tor Project and the Electronic Frontier Foundation, have launched a new Firefox extension that encrypts all of the browser’s communications with some prominent Web sites. The extension, called HTTPS Everywhere, is designed to create secure HTTPS...

7 AI score
Exploits 0 | References 3

NVD
added 2010/06/11 6:0 p.m. | 18 views

CVE-2010-1406

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive...

4.3 CVSS | 8 AI score | 0.00744 EPSS
Exploits 0 | References 17

Prion
added 2010/06/11 6:0 p.m. | 15 views

Design/Logic Flaw

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive...

4.3 CVSS | 5.9 AI score | 0.00744 EPSS
Exploits 0 | References 17 | Affected Software 1

UbuntuCve
added 2010/06/11 6:0 p.m. | 22 views

CVE-2010-1406

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive...

4.3 CVSS | 5.9 AI score | 0.00744 EPSS
Exploits 0 | References 2

Debian CVE
added 2010/06/11 5:28 p.m. | 53 views

CVE-2010-1406

Removed by vendor...

4.3 CVSS | 6.6 AI score | 0.00744 EPSS
Exploits 0

Tenable Nessus
added 2010/06/11 12:0 a.m. | 39 views

Apache Tomcat 6.x < 6.0.9 Information Disclosure

According to its self-reported version number, the instance of Apache Tomcat 6.x listening on the remote host is prior to 6.0.9. It is, therefore, affected by an information disclosure vulnerability. If the remote Apache Tomcat install is configured to use the SingleSignOn Valve, the JSESSIONIDSS...

5 CVSS | 5.3 AI score | 0.03966 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2010/06/11 12:0 a.m. | 49 views

Apache Tomcat 4.x < 4.1.39 Multiple Vulnerabilities

According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.39. It is, therefore, affected by one or more of the following vulnerabilities : - If the remote Apache Tomcat install is configured to use the SingleSignOn Valve, the...

5 CVSS | 6.3 AI score | 0.87959 EPSS
Exploits 3 | References 4

OpenVAS
added 2010/05/28 12:0 a.m. | 18 views

Fedora Update for aria2 FEDORA-2010-8915

Check for the Version of aria2 OpenVAS Vulnerability Test Fedora Update for aria2 FEDORA-2010-8915 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

4.3 CVSS | 6.4 AI score | 0.00607 EPSS
Exploits 0 | References 2

NVD
added 2010/05/27 7:30 p.m. | 10 views

CVE-2010-0596

Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain...

9 CVSS | 6.2 AI score | 0.00837 EPSS
Exploits 0 | References 5

Prion
added 2010/05/27 7:30 p.m. | 14 views

Design/Logic Flaw

Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain...

9 CVSS | 6.7 AI score | 0.00837 EPSS
Exploits 0 | References 5 | Affected Software 1

Prion
added 2010/05/27 7:30 p.m. | 15 views

Design/Logic Flaw

Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the...

9 CVSS | 6.8 AI score | 0.0122 EPSS
Exploits 0 | References 6 | Affected Software 1