7636 matches found
CVE-2004-2424
BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends...
MailEnable mail server multiple vulnerabilities
DoS on extended ASCII characters in EHLO command. Multiple IMAP buffer overflows. Authorization HTTPS buffer overflow...
Cisco Security Advisory: FWSM URL Filtering Solution TCP ACL Bypass Vulnerability
Cisco Security Advisory: FWSM URL Filtering Solution TCP ACL Bypass Vulnerability. Document ID: 64821. Revision 1.0. For Public Release 2005 May 11 1600 UTC GMT...
CVE-2005-1517
The Cisco Firewall Services Module (FWSM) 2.3.1 and earlier is affected by a vulnerability where TCP packets can bypass access control lists (ACLs) when URL, FTP, or HTTPS filtering exceptions are used. This is documented in CVE-2005-1517 and referenced in Cisco’s security advisory and NVD record...
CVE-2004-0462
The CVE-2004-0462 issue concerns the built-in web servers in multiple networking devices failing to set the Secure attribute on cookies during HTTPS sessions, risking plaintext cookie exposure over HTTP. Connected materials (notably F5 BIG-IP SOL15406) specify affected products and versions, e.g....
CVE-2004-0462
The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server...
CVE-2005-1385
Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference...
CVE-2005-1385
CVE-2005-1385 affects Safari 1.3. A remote attacker can trigger a denial of service (application crash) by supplying a long https URL that causes a NULL pointer dereference. The available records confirm the crash as the impact, with no additional exploit details or affected versions beyond the c...
MailEnable Enterprise & Professional https Remote BoF Exploit
No description provided by source. !/usr/bin/perl This tools and to consider only himself to educational purpose -=MailEnable Enterprise & Professional HTTPS remote BoF exploit=- -= =- -= Discovered & Coded by CorryL info:www.x0n3-h4ck.org=- -= irc.xoned.net x0n3-h4ck corryl80atgmail.com=-...
MailEnable Enterprise & Professional - https Remote Buffer Overflow
!/usr/bin/perl This tools and to consider only himself to educational purpose -=MailEnable Enterprise & Professional HTTPS remote BoF exploit=- -= =- -= Discovered & Coded by CorryL info:www.x0n3-h4ck.org=- -= irc.xoned.net x0n3-h4ck corryl80atgmail.com=- +Connecting to 127.0.0.1 +Sending Evil...
CVE-2005-0943
Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet...
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL attack. Revision 1.0. For Public Release...
CVE-2004-0869
CVE-2004-0869 describes a vulnerability in Internet Explorer where cookies set over HTTP can be sent to the same domain over HTTPS/SSL, enabling a cookie to leak across security boundaries and potentially allow session hijacking. The cross security boundary cookie injection could occur even when ...
CVE-2004-0870
CVE-2004-0870 affects KDE Konqueror. The issue: cookies set over HTTP can be seen on HTTPS within the same domain, enabling potential cookie theft and unauthorized activity (Cross Security Boundary Cookie Injection). The core cause is insecure-channel cookies being presented on secure channels fo...
CVE-2004-0872
Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."...
CVE-2004-0871
CVE-2004-0871 refers to a cross security boundary cookie injection issue in which cookies set over HTTP can be presented to HTTPS in the same domain (the cookie domain attribute can enable leakage across secure boundaries). The connected documentation attributes this to multiple browsers (Interne...
Web Server SSL Port HTTP Traffic Detection
Nessus has discovered that it is talking in plain HTTP on an SSL port. Nessus has corrected this issue by enabling HTTPS for this port only. However, if other SSL ports are used on the remote host, they might be skipped. (C) Tenable Network Security, Inc...