7622 matches found
Design/Logic Flaw
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted...
Design/Logic Flaw
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host v...
CVE-2013-1451
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted...
CVE-2013-1450
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host v...
Microsoft Internet Explorer 8/9 - Steal Any Cookie
Exploit Title: Internet Explorer 8 & Internet Explorer 9 steal any Cookie Date: 27.01.2013 Exploit Author: Christian Haider; Email: christian.haider.poc @ gmail dot com; linkedin: http://www.linkedin.com/in/chrishaider Category: remote Vendor Homepage: http://www.microsoft.com Version: IE 8, IE 9...
RHEL 5 : nss (RHSA-2012:0532)
Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Network Security Services (NSS) is a set of libraries designed to support the...
Ubuntu Update for tomcat7 USN-1685-1
Check for the Version of tomcat7. OpenVAS Vulnerability Test $Id: gbubuntuUSN16851.nasl 8526 2018-01-25 06:57:37Z teissa $ Ubuntu Update for tomcat7 USN-1685-1. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...
USN-1685-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially-crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu...
phlyLabs phlyMail Lite 4.03.04 - 'go' Open Redirect
phlyLabs phlyMail Lite 4.03.04 go param Open Redirect Vulnerability Vendor: phlyLabs Product web page: http://www.phlymail.com Affected version: Lite 4.03.04 Summary: phlyMail offers you an interface in the browser to have access to your emails, contacts, appointments, tasks, files and bookmarks...
Researcher: Nokia HTTPs Traffic Proxied, Data Stored in Clear Text
Nokia mobile devices redirect Web requests to Nokia-owned proxy servers where header information including credentials are stored in clear text, putting anything from banking sessions to social media accounts at risk, a researcher claims. India-based researcher Gaurang Pandya, an infrastructure...
Yahoo Makes SSL Option Available For Mail Users
Following a trail cut several years ago by Google and Microsoft, Yahoo has now given users of its webmail service the option of using an SSL connection for their sessions. The HTTPS option is not enabled by default, but users can turn it on with a couple of clicks. Yahoo has been slow to make the...
Moderate: Red Hat Bug Fix Advisory: mod_nss bug fix update
Updated mod_nss packages that fix multiple bugs are now available for Red Hat Enterprise Linux 5. The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security...
FreeBSD : puppet -- multiple vulnerabilities (101f0aae-52d1-11e2-87fe-f4ce46b9ace8)
puppet -- multiple vulnerabilities. Arbitrary file read on the puppet master from authenticated clients (high). It is possible to construct an HTTP get request from an authenticated client with a valid certificate that will return the contents of an arbitrary file on the Puppet master that the maste...
Design/Logic Flaw
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a...
CVE-2012-4534
Removed by vendor...
CVE-2012-4534
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a...
Novell File Reporter FSFUI File Upload
Added: 12/17/2012 CVE: CVE-2012-4959 BID: 56579 OSVDB: 87573 Background Novell File Reporter is software that allows network administrators to identify files stored on the network and generates reports regarding the size of individual files, file type, when files were last accessed, and where...
Microsoft Windows multiple security vulnerabilities
Buffer overflow in OpenType and TrueType font parsing, memory corruption in filename handling, DirectPlay buffer overflow, DirectAccess IP-HTTPS insufficient certificate check...
CVE-2012-2549
The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability."...