Unified Automation OPC SDK OpenSSL Vulnerability
OVERVIEW On April 09, 2014, Unified Automation GmbH announced that its OPC UA Software Development Kits (SDKs) for Windows included vulnerable OpenSSL libraries. HTTPS support is disabled by default in Unified Automation SDK products. However, if HTTPS is used, Unified Automation recommends replacin...
Symantec Endpoint Protection Manager XML External Entity Injection Vulnerability
BUGTRAQ ID: 65466 CVE(CAN) ID: CVE-2013-5014 Symantec Endpoint Protection (SEP) is a next-generation antivirus and firewall product developed by Symantec Corporation. Symantec Endpoint Protection Manager 11.0, Symantec Endpoint Protection Center Small Business Edition 12.0, Symantec Endpoint Protection Manager...
CentOS Update for wget CESA-2014:0151 centos6
Check for the Version of wget OpenVAS Vulnerability Test CentOS Update for wget CESA-2014:0151 centos6 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
wget security update
CentOS Errata and Security Advisory CESA-2014:0151 An updated wget package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS)...
Scientific Linux Security Update : wget on SL6.x i386/x86_64 (20140210)
It was discovered that wget used a file name provided by the server when saving a downloaded file. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. CVE-2010-2252 Note: With this update, wget always us...
RHEL 6 : wget (RHSA-2014:0151)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2014:0151 advisory. The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Wget provides various useful features, such as the...
RedHat Update for wget RHSA-2014:0151-01
Check for the Version of wget OpenVAS Vulnerability Test RedHat Update for wget RHSA-2014:0151-01 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
RedHat Update for wget RHSA-2014:0151-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2014-1930
Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging...
Design/Logic Flaw
Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging...
CVE-2014-1930
Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging...
CVE-2014-1930
Visibility Software Cyber Recruiter prior to version 8.1.00 is vulnerable due to an improper HTTPS transport/response header configuration that permits browser-history access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx, enabling an attacker to obtain sensitive information from an unatten...
Low: Red Hat Security Advisory: wget security and bug fix update
An updated wget package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...
HackerOne: LinkedIn URL should be HTTPS
Not really a security bug, but I think it will be a good idea to add HTTPS on the LinkedIn Share Button. Example page, in the right side of the page: https://hackerone.com/reports/547 LinkedIn redirects to HTTPS after click, but the cookie is sent on the network before that. Thanks!...
Fedora Update for libXfont FEDORA-2014-0443
Check for the Version of libXfont OpenVAS Vulnerability Test Fedora Update for libXfont FEDORA-2014-0443 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
MyBB 1.6.12 POST Cross Site Scripting
alert/XSS/ " / document.exploit.submit;...
Fedora Update for xen FEDORA-2014-1559
Check for the Version of xen OpenVAS Vulnerability Test Fedora Update for xen FEDORA-2014-1559 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...
Fedora Update for nss-softokn FEDORA-2013-22756
Check for the Version of nss-softokn OpenVAS Vulnerability Test Fedora Update for nss-softokn FEDORA-2013-22756 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
Debian DSA-2849-1 : curl - information disclosure
Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user. %NASLMINLEVEL 70300 C Tenable...
[SECURITY] [DSA 2849-1] curl security update
Debian Security Advisory DSA-2849-1 [email protected] http://www.debian.org/security/ Florian Weimer January 31, 2014 http://www.debian.org/security/faq -...