
7629 matches found

Cvelist
added 2013/12/17 2:0 a.m., 12 views

CVE-2013-6926

The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account...

6.3 AI score, 0.00265 EPSS
Exploits 0, References 2

Kitploit
added 2013/12/17 1:23 a.m., 25 views

[THC-Hydra 7.5] Fast Parallel Network Logon Cracker

Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast. Features IPv6 Support Graphic User Interface Internationalized support RFC 4013 HTTP proxy support SOCKS proxy support The tool suppor...

7 AI score
Exploits 0

OpenVAS
added 2013/12/17 12:0 a.m., 34 views

Fedora Update for nss-util FEDORA-2013-23301

Check for the Version of nss-util OpenVAS Vulnerability Test Fedora Update for nss-util FEDORA-2013-23301 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

7.5 CVSS, 5.9 AI score, 0.0279 EPSS
Exploits 0, References 2

OpenVAS
added 2013/12/17 12:0 a.m., 10 views

Fedora Update for firefox FEDORA-2013-23127

Check for the Version of firefox OpenVAS Vulnerability Test Fedora Update for firefox FEDORA-2013-23127 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

0.8 AI score
Exploits 0, References 2

ThreatPost
added 2013/12/13 11:54 a.m., 7 views

Safari Stores Previous Browsing Session Data Unencrypted

Users of Apple’s Safari browser are at risk for information loss because of a feature common to most browsers that restores previous sessions. The problem with Safari is that it stores session information including authentication credentials used in previous HTTPS sessions in a plaintext XML file...

6.8 AI score
Exploits 0, References 1

Tenable Nessus
added 2013/12/13 12:0 a.m., 23 views

Fedora 19 : monitorix-3.4.0-1.fc19 (2013-22677)

3.4.0 - 02-Dec-2013 ==================== - Added a complete statistical Memcached graph. 27 - Added support for different BIND stats versions 2 and 3 right now. thanks to Ivo Brhel, ivb AT volny.cz - Added two new alerts in the 'disk' graph in order to know if a disk drive has exceeded or reached...

10 CVSS, 7.1 AI score, 0.04627 EPSS
Exploits 2, References 4

Check Point Advisories
added 2013/12/11 12:0 a.m., 0 views

ANSSI Improperly Issued Digital Certificates HTTPS Spoofing

Several improperly issued CA certificates could be used in HTTPS spoofing attacks...

6.9 AI score
Exploits 0

Exploit DB
added 2013/12/11 12:0 a.m., 64 views

EMC Data Protection Advisor DPA Illuminator - EJBInvokerServlet Remote Code Execution

EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution tested against: Microsoft Windows Server 2008 r2 sp1 EMC Data Protection Advisor 5.8 sp5 vulnerability: the "DPA Illuminator" service DPAIlluminator.exe listening on public port 8090 tcp/http and 8453 tcp/https is...

7.4 AI score
Exploits 0

Kitploit
added 2013/12/05 2:15 a.m., 23 views

[Wapiti 2.3.0] Web Application Vulnerability Scanner

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scan the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti act...

7.9 AI score
Exploits 0

OpenVAS
added 2013/11/26 12:0 a.m., 23 views

Fedora Update for python-djblets FEDORA-2013-20817

Check for the Version of python-djblets OpenVAS Vulnerability Test Fedora Update for python-djblets FEDORA-2013-20817 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

4.3 CVSS, 8.7 AI score, 0.01166 EPSS
Exploits 0, References 2

ThreatPost
added 2013/11/25 12:36 p.m., 9 views

Twitter Implements Perfect Forward Secrecy

Twitter took another step toward not only securing the privacy of its users’ communication over the social network, but in warding off the prying eyes of government surveillance with the implementation of Perfect Forward Secrecy. The technology thwarts the efforts of anyone who may be collecting...

7.1 AI score
Exploits 0, References 3

ThreatPost
added 2013/11/20 2:36 p.m., 4 views

EFF Encrypt the Web Report Shows Crypto Leaders, Laggards

There’s nothing like a little peer pressure to nudge someone toward doing the right thing. That’s the philosophy behind the Electronic Frontier Foundation’s Encrypt the Web Report, which examines the encryption capabilities of 18 leading Internet companies, including large carriers, social...

6.8 AI score
Exploits 0, References 2

myhack58
added 2013/11/19 12:0 a.m., 24 views

A jingdong log security vulnerabilities-vulnerability warning-the black bar safety net

Table of Contents 1 Introduction 2 the inspection process 3 Summary 1 Introduction Recently looking at an open source site code, found if the login page via the http Protocol requests, will be redirected to use the https Protocol of the url, so you can ensure login security. Today a whim, want to...

7.1 AI score
Exploits 0

Packet Storm
added 2013/11/19 12:0 a.m., 18 views

PineApp MailSecure Command Execution

Hi, related this: http://seclists.org/fulldisclosure/2013/Nov/136 In February 2013 I send Pineapp the following information: ----------------------------------------------------------------- It is possible execute any command bash as qmailq unprivilege user, sending only the following https...

7.4 AI score
Exploits 0

ThreatPost
added 2013/11/18 2:41 p.m., 8 views

Yahoo to Give Users Option for SSL on All Web Properties

Following months of criticism from security experts and privacy advocates for not deploying SSL across its Web offerings, Yahoo on Monday announced that it will be giving users the option to encrypt all of the data they exchange with the company by the end of the first quarter next year. The chan...

0.1 AI score
Exploits 0, References 3

ThreatPost
added 2013/11/14 4:54 p.m., 10 views

HTTP/2 Supports only HTTPS URIs

The head of the working group designing the next version of HTTP said the HTTP/2 protocol will work only with encrypted URIs. “I believe the best way that we can meet the goal of increasing use of TLS on the Web is to encourage its use by only using HTTP/2.0 with https:// URIs,” wrote Mark...

0.2 AI score
Exploits 0, References 2

Samba
added 2013/11/11 12:0 a.m., 553 views

Private key in key.pem world readable

Description Due to incorrect directory and file permissions a local attacker might obtain the private key that is used for the SSL/TLS encryption for ldaps including STARTTLS on ldap and https network traffic. The attacker is then able to decrypt encrypted network traffic which may contain...

1.2 CVSS, 5.8 AI score, 0.00226 EPSS
Exploits 0

Drupal
added 2013/11/06 12:0 a.m., 17 views

SA-CONTRIB-2013-088 - Secure Pages - Missing Encryption of Sensitive Data

The Secure Pages module manages redirects between HTTP and HTTPS pages. A flaw in the URL path matching could lead some pages and forms to be transmitted via plain HTTP, even if the administrator intended those pages to use HTTPS. This flaw may surface either due to a malicious user enticing a us...

4.3 CVSS, 6.2 AI score, 0.00331 EPSS
Exploits 0, References 10

ThreatPost
added 2013/11/04 9:52 a.m., 22 views

Apple Turns on BEAST Attack Mitigation by Default in Safari

Apple enabled a feature in its recent OS X Mavericks update that neutered the BEAST cryptographic attacks. BEAST is a two-year-old attack tool that exploits a vulnerability in TLS 1.0 and SSL 3.0 and could lead to an attacker stealing HTTPS cookies or hijacking browser sessions. Apple’s Safari...

7.2 AI score
Exploits 0, References 5

NVD
added 2013/10/24 10:53 a.m., 14 views

CVE-2013-5537

The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple T...

7.8 CVSS, 6.8 AI score, 0.00393 EPSS
Exploits 0, References 1