Lucene search
7636 matches found

Prion
added 2008/01/23 2:0 a.m. | 20 views

Code injection

The SingleSignOn Valve org.apache.catalina.authenticator.SingleSignOn in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

CVSS 5 | AI score 6.5 | EPSS 0.03966
Exploits 0 | References 22 | Affected Software 1
Cvelist
added 2008/01/23 1:0 a.m. | 31 views

CVE-2008-0128

The SingleSignOn Valve org.apache.catalina.authenticator.SingleSignOn in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

AI score 7.7 | EPSS 0.03966
Exploits 0 | References 22
OSV
added 2008/01/20 12:0 a.m. | 30 views

DSA-1468-1 tomcat5.5

Bulletin has no description...

CVSS 5 | AI score 6.8 | EPSS 0.03966
Exploits 0
OpenVAS
added 2008/01/17 12:0 a.m. | 13 views

Debian: Security Advisory (DSA-1380-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 | AI score 6.7 | EPSS 0.02586
Exploits 0 | References 3
OpenVAS
added 2008/01/17 12:0 a.m. | 24 views

Debian: Security Advisory (DSA-807-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 9.6 | EPSS 0.15081
Exploits 0 | References 3
OpenVAS
added 2008/01/17 12:0 a.m. | 17 views

Debian Security Advisory DSA 181-1 (libapache-mod-ssl)

The remote host is missing an update to libapache-mod-ssl announced via advisory DSA 181-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.5 | AI score 7 | EPSS 0.03447
Exploits 0 | References 2
Tenable Nessus
added 2007/12/17 12:0 a.m. | 15 views

Anon Proxy Server Software Detection

The remote service is a proxy server named Anon Proxy Server, which can operate either as a normal HTTP / HTTPS / Socks proxy or a P2P anonymous proxy. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid29703;...

AI score 5.5
Exploits 0 | References 1
Prion
added 2007/12/15 2:46 a.m. | 15 views

Authentication flaw

The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries...

CVSS 2.1 | AI score 7.5 | EPSS 0.00092
Exploits 0 | References 7 | Affected Software 1
NVD
added 2007/12/15 2:46 a.m. | 8 views

CVE-2007-6385

The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries...

CVSS 2.1 | AI score 6.9 | EPSS 0.00092
Exploits 0 | References 7
CVE
added 2007/12/15 2:0 a.m. | 38 views

CVE-2007-6385

CVE-2007-6385 affects Kerio WinRoute Firewall (pre-6.4.1). The proxy server component does not properly enforce authentication for HTTPS pages. The underlying impact is stated as unknown within the available documents, and there is no detail on exploit vectors or specific conditions required for ...

CVSS 2.1 | AI score 6.9 | EPSS 0.00092
Exploits 0 | References 7 | Affected Software 1
Cvelist
added 2007/12/15 2:0 a.m. | 15 views

CVE-2007-6385

The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries...

AI score 6.9 | EPSS 0.00092
Exploits 0 | References 7
seebug.org
added 2007/12/12 12:0 a.m. | 18 views

SquirrelMail G/PGP Plugin deletekey() Command Injection Exploit

No description provided by source. !/usr/local/bin/ruby puts"http://backdoored.net\n" puts "SquirrelMail G/PG deletekey command injection exploit\n" puts "http://backdoored.net Visit Us\n" puts "Coded by Backdoored member. \n" puts "--------------------------------------------------\n" if ARGV0 =...

AI score 7.1
Exploits 0
Packet Storm
added 2007/12/12 12:0 a.m. | 21 views

squirrel-inject.txt

!/usr/local/bin/ruby puts"http://backdoored.net\n" puts "SquirrelMail G/PG deletekey command injection exploit\n" puts "http://backdoored.net Visit Us\n" puts "Coded by Backdoored member. \n" puts "--------------------------------------------------\n" if ARGV0 == nil && ARGV1 == nil && ARGV2 == n...

AI score 7.4
Exploits 0
exploitpack
added 2007/12/11 12:0 a.m. | 10 views

SquirrelMail GPGP Encryption Plugin - deletekey() Command Injection

SquirrelMail GPGP Encryption Plugin - deletekey Command Injection !/usr/local/bin/ruby puts"http://backdoored.net\n" puts "SquirrelMail G/PG deletekey command injection exploit\n" puts "http://backdoored.net Visit Us\n" puts "Coded by Backdoored member. \n" puts...

AI score 0.3
Exploits 0
Exploit DB
added 2007/12/11 12:0 a.m. | 35 views

SquirrelMail G/PGP Encryption Plugin - 'deletekey()' Command Injection

!/usr/local/bin/ruby puts"http://backdoored.net\n" puts "SquirrelMail G/PG deletekey command injection exploit\n" puts "http://backdoored.net Visit Us\n" puts "Coded by Backdoored member. \n" puts "--------------------------------------------------\n" if ARGV0 == nil && ARGV1 == nil && ARGV2 == n...

AI score 7.4
Exploits 0
Tenable Nessus
added 2007/12/06 12:0 a.m. | 1123 views

NetScaler Unencrypted Web Management Interface

The remote Citrix NetScaler web management interface does not use TLS or SSL to encrypt connections. %NASLMINLEVEL 70300 netscalerwebunencrypted.nasl GPLv2 Changes by Tenable: - Revised plugin title 9/23/09 - Added CPE and updated copyright 10/18/2012 - Corrected encryption testing 1/2/2018 -...

AI score 5.5
Exploits 0
myhack58
added 2007/11/24 12:0 a.m. | 223 views

Analysis of flaws in the RSA-encrypted transmission of QQ website logins

Thanks to the anonymous submitter. The QQ website login does not use HTTPS for encryption; instead, it uses RSA asymmetric encryption to protect passwords and other sensitive information in transit. QQ implements the entire process in JavaScript. The idea is quite novel, but is also...

Exploits 0
securityvulns
added 2007/11/19 12:0 a.m. | 202 views

Certificate spoofing with subjectAltName and domain name wildcards

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Phishing for Confirmations Certificate spoofing with subjectAltName and domain name wildcards URL: http://nils.toedtmann.net/pub/subjectAltName.txt Version: 2007-11-16-07 Author: Nils Toedtmann [email protected] License: Dual...

CVSS 9.3 | EPSS 0.67373
Exploits 2
Tenable Nessus
added 2007/11/10 12:0 a.m. | 26 views

Ubuntu 6.06 LTS / 6.10 / 7.04 : elinks vulnerability (USN-519-1)

Kalle Olavi Niemitalo discovered that if elinks makes a POST request to an HTTPS URL through a proxy, information may be sent in clear-text between elinks and the proxy. Attackers with access to the network could steal sensitive information such as passwords. Note that Tenable Network Security ha...

CVSS 4.3 | AI score 5.4 | EPSS 0.02586
Exploits 0 | References 2
Cvelist
added 2007/11/01 5:0 p.m. | 24 views

CVE-2002-2405

Check Point FireWall-1 4.1 and Next Generation NG, with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall...

AI score 6.8 | EPSS 0.00306
Exploits 0 | References 3