7608 matches found
CentOS Update for nss CESA-2011:1444 centos4 x86_64
The remote host is missing an update for the [SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only] if(description) script_xref(name:"URL",...
CentOS Update for xulrunner CESA-2011:1268 centos5 x86_64
The remote host is missing an update for the...
CentOS Update for nspr CESA-2011:1282 centos4 x86_64
The remote host is missing an update for the...
SA-CONTRIB-2012-118 - Secure Login - Open Redirect
Secure Login module enables the user login and other forms to be submitted securely via HTTPS, thus preventing passwords and other private user data from being transmitted in clear text. In addition, Secure Login module by default redirects non-HTTPS GET requests for pages containing forms that i...
Information disclosure
auth/ldap/ntlmssoattempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2012-3394
auth/ldap/ntlmssoattempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network...
Symantec Web Gateway 5.0.2 - 'blocked.php?id' Blind SQL Injection
#!/usr/bin/python Exploit Title: Symantec Web Gateway 5.0.2 blocked.php id parameter Blind SQL Injection; Date: Jul 23 2012; Author: muts; Version: Symantec Web Gateway 5.0.2; Vendor URL: http://www.symantec.com ; Timeline: 29 May 2012: Vulnerability reported to CERT; 30 May 2012: Response received from...
CVE-2012-2357
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network...
CVE-2012-2357
CVE-2012-2357 affects Moodle 2.1.x (before 2.1.6) and 2.2.x (before 2.2.3). The issue is in the Multi-Authentication CAS feature (auth/cas/cas_form.html) that does not use HTTPS, enabling credential sniffing over the network by remote attackers. The root cause is unauthenticated, unencrypted tran...
CVE-2011-4585
login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network...
PT-2012-1917 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 1.9.x through 1.9.14. Description: The issue concerns the change-password form in the login/change_password.php file. It does not utilize https for encryption, even when the httpslogin option is enabled. This oversight allows...
Mozilla Releases Firefox 14.01 With Secure Google Search By Default
Mozilla has released Firefox 14.01, a new version of its browser which now includes encrypted Google search by default, as well as improvements to the address bar to make the identity of a site owner and the security of its connection clearer. The biggest change in Firefox 14.01 is the addition o...
MS12-049: Vulnerability in TLS Could Allow Information Disclosure (2655992)
A design flaw in the CBC mode of operation on the TLS protocol can allow encrypted TLS traffic to be decrypted. This vulnerability could allow for the decryption of HTTPS traffic by an unauthorized third party. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) script_id(59912);...
Design/Logic Flaw
The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a...
RedHat Update for ca-certificates RHSA-2011:1248-01
The remote host is missing an update for the...
tls-nextprotoneg NSE Script
Enumerates a TLS server's supported protocols by using the next protocol negotiation extension. This works by adding the next protocol negotiation extension in the client hello packet and parsing the returned server hello's NPN extension data. For more information, see: Script Arguments...
Moderate: Red Hat Security Advisory: mod_cluster security update
Updated mod_cluster packages that fix one security issue are now available for JBoss Enterprise Web Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base...
Moderate: Red Hat Security Advisory: mod_cluster security update
Updated mod_cluster packages that fix one security issue are now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CV...