Safari < 6.0.1 Multiple Vulnerabilities

Binary data 6582.prm...

For SSL the latest method of attack CRIME of the principles and technical details-vulnerability warning-the black bar safety net

Author:Pnig0s decodingFreeBuf We may concern before the for SSL a attack technique, called the BEAST. This is still found in BEAST of the two greatJuliano Rizzoand Thai Duong discovered another new attack on HTTPS techniques, and before of similar, called“CRIME”is. BEAST to from SSL/TLS encrypted...

Demo of the CRIME TLS Attack

Security researchers Juliano Rizzo and Thai Duong have developed a new attack called CRIME on the TLS protocol that uses the compression ratio in TLS requests as a side channel to gather information that enables them to decrypt the requests and extract users’ cookies. The attack works against bot...

Почта Mail.Ru началаиспользовать HTTPS-шифрованиепо умолчанию для всехпользователей.

Оригинал: http://www.anti-malware.ru/news/2012-09-13/10010 Дата добавления: 13.09.12 Поддержка HTTPS уже существовала в Почте Mail.Ru — эту опцию можно было выбрать в настройках; теперь же Mail.Ru включает шифрование трафика по умолчанию защита включена всегда по умолчанию. В Почте Mail.Ru...

Microsoft OneDrive Detection via HTTPS

Binary data 6572.prm...

Novell File Reporter Agent VOL Tag Remote Code Execution (uncredentialed check)

Binary data novellfilereporteragentzdi-12-167.nbin...

Slackware: Security Advisory (SSA:2011-086-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware: Security Advisory (SSA:2011-086-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CRIME : New SSL/TLS attack for Hijacking HTTPS Sessions

Two security researchers claim to have developed a new attack that can decrypt session cookies from HTTPS Hypertext Transfer Protocol Secure connections. From the security researchers who created and demonstrated the BEAST Browser Exploit Against SSL/TLS tool for breaking SSL/TLS encryption comes...

Fedora Update for mozilla-https-everywhere FEDORA-2012-7051

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for openconnect FEDORA-2012-6689

Check for the Version of openconnect OpenVAS Vulnerability Test Fedora Update for openconnect FEDORA-2012-6689 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

Fedora Update for mozilla-https-everywhere FEDORA-2012-7051

Check for the Version of mozilla-https-everywhere OpenVAS Vulnerability Test Fedora Update for mozilla-https-everywhere FEDORA-2012-7051 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribut...

CVE-2012-3976

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page...

CVE-2012-3976

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page...

Symantec Endpoint Protection code execution

Multiple security vulnerabilities on TCP/8433 https request parsing...

CVE-2010-5189

Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session...

Session fixation

Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session...

CVE-2010-5189

Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session...

Session fixation

Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set the secure flag for the Encrypted Session SSL cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVE-2012-4592

The Portal in McAfee Enterprise Mobility Manager EMM before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...