7624 matches found

Tenable Nessus
added 2013/10/20 12:0 a.m. | 45 views

CentOS 6 : rubygems (CESA-2013:1441)

An updated rubygems package that fixes three security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, ar...

5.8 CVSS | 8.1 AI score | 0.02017 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2013/10/18 12:0 a.m. | 35 views

RHEL 6 : rubygems (RHSA-2013:1441)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2013:1441 advisory. RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that RubyGems did not verify SSL connections...

5.8 CVSS | 8.2 AI score | 0.02017 EPSS
Exploits: 0 | References: 8
Tenable Nessus
added 2013/10/18 12:0 a.m. | 50 views

Scientific Linux Security Update : rubygems on SL6.x (noarch) (20131017)

It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. CVE-2012-2126 It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the...

5.8 CVSS | 8.1 AI score | 0.02017 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2013/10/17 5:15 p.m. | 35 views

Moderate: Red Hat Security Advisory: rubygems security update

An updated rubygems package that fixes three security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, ar...

5.8 CVSS | 7.2 AI score | 0.02017 EPSS
Exploits: 0 | References: 3
NVD
added 2013/10/17 12:55 a.m. | 10 views

CVE-2013-0500

IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of...

5.4 CVSS | 6.2 AI score | 0.00384 EPSS
Exploits: 0 | References: 2
CVE
added 2013/10/17 12:0 a.m. | 48 views

CVE-2013-0500

IBM Storwize V7000 Unified (1.3.0.0–1.4.1.1) is affected by CVE-2013-0500 due to a flaw in handling special files (character/block devices) created by NFS and later accessed via non‑NFS NAS protocols (CIFS, HTTPS, SCP, SFTP). An authenticated NAS user could read, modify, or manipulate configurati...

5.4 CVSS | 6.3 AI score | 0.00384 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
Prion
added 2013/10/13 10:20 a.m. | 14 views

Command injection

The Clientless SSL VPN feature in Cisco Adaptive Security Appliance ASA Software 8.x before 8.25.44, 8.3.x before 8.32.39, 8.4.x before 8.45.7, 8.6.x before 8.61.12, 9.0.x before 9.02.6, and 9.1.x before 9.11.7 allows remote attackers to cause a denial of service device reload via crafted HTTPS...

7.8 CVSS | 7.1 AI score | 0.00283 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
securityvulns
added 2013/10/09 12:0 a.m. | 60 views

Two Instagram Android App Security Vulnerabilities

Affected app: Instagram for Android Affected versions: 4.0.2 and 4.1.2, probably also earlier versions as well as iOS affected. Summary After the Instagram iOS vulnerability discovered last year 1, the app's HTTP API has been extended with a cryptographic authentication for changes like "likes" a...

Exploits: 0
Debian CVE
added 2013/10/04 5:0 p.m. | 27 views

CVE-2013-6044

The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, a...

4.3 CVSS | 5.6 AI score | 0.04123 EPSS
Exploits: 0
NVD
added 2013/10/01 5:55 p.m. | 23 views

CVE-2012-2125

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...

5.8 CVSS | 6.2 AI score | 0.00638 EPSS
Exploits: 0 | References: 8
OSV
added 2013/10/01 5:55 p.m. | 5 views

CVE-2012-2125

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...

6.2 AI score
Exploits: 0 | References: 8
Prion
added 2013/10/01 5:55 p.m. | 14 views

Design/Logic Flaw

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...

5.8 CVSS | 6.8 AI score | 0.00638 EPSS
Exploits: 0 | References: 8 | Affected Software: 1
Cvelist
added 2013/10/01 5:0 p.m. | 25 views

CVE-2012-2125

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...

6.1 AI score | 0.00638 EPSS
Exploits: 0 | References: 8
CVE
added 2013/10/01 5:0 p.m. | 79 views

CVE-2012-2125

CVE-2012-2125 affects RubyGems prior to 1.8.23, where HTTPS connections could be redirected to HTTP, enabling a remote attacker to observe or modify a gem during installation via a man‑in‑the‑middle. The accompanying open‑source advisories and OS patch references document this issue across multip...

5.8 CVSS | 6.2 AI score | 0.00638 EPSS
Exploits: 0 | References: 8 | Affected Software: 1
Debian CVE
added 2013/10/01 5:0 p.m. | 23 views

CVE-2012-2125

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...

5.8 CVSS | 4 AI score | 0.00638 EPSS
Exploits: 0
seebug.org
added 2013/09/28 12:0 a.m. | 22 views

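Discuz! misconfiguration can lead to CSRF posting

Brief description: Discuz! misconfiguration can lead to CSRF posting. Detailed description: As mentioned in the comments on this vulnerability, WooYun: A marginal CSRF vulnerability in all versions of Discuz!, an improperly configured crossdomain.xml may cause some problems. When I commented I only had a basic impression and had not actually tested it; since xsser says there is a defense against this, let's see how it defends. Default crossdomain.xml settings: I am not familiar with dz's code structure, so I tested it as a black box. First comes reading the formhash; it seems that with the help of crossdomain.xml, the current user's formhash was read very easily. function gethash function getformhashtxt txt =...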

7 AI score
Exploits: 0
Tenable Nessus
added 2013/09/25 12:0 a.m. | 31 views

Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20090727-wlc)

The remote Cisco Wireless LAN Controller WLC is affected by one or more of the following vulnerabilities: - Malformed HTTP or HTTPS authentication response Denial of Service CVE-2009-1164 - SSH connections Denial of Service CVE-2009-1165 - Crafted HTTP or HTTPS request Denial of Service...

10 CVSS | 5.6 AI score | 0.00639 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2013/09/24 12:0 a.m. | 99 views

Cisco Unified Communications Manager (CUCM) Web Detection

The web interface for Cisco Unified Communications Manager CUCM was detected. Note: This plugin does not report anything. It only collects version information to be used downstream. C Tenable, Inc. include'compat.inc'; if description scriptid70088; scriptversion"1.8";...

6.7 AI score
Exploits: 0 | References: 2
Tenable Nessus
added 2013/09/23 12:0 a.m. | 18 views

Cisco IronPort PostX < 6.2.9.1 Multiple Vulnerabilities

The version of Cisco IronPort PostX on the remote device is a version prior to 6.2.9.1. As such, it is affected by multiple vulnerabilities : - An unspecified vulnerability in the administrative interface in the embedded HTTPS server allows remote attackers to read arbitrary files via unknown...

10 CVSS | 6.1 AI score | 0.01356 EPSS
Exploits: 1 | References: 5
ThreatPost
added 2013/09/19 10:42 a.m. | 8 views

Facebook Android Bug Sent Users' Photos in the Clear

A researcher has discovered a privacy bug in the Facebook Android app that enables an attacker to view and download any images that a user sends to Facebook. The problem derives from the fact that the app, along with the official Facebook Messenger app for Android, don’t send those images over...

7.1 AI score
Exploits: 0 | References: 2