7607 matches found
DSA-2458-1 iceape - several
Bulletin has no description...
DSA-2457-1 iceweasel - several
Bulletin has no description...
OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity,...
CGIProxy Detection
The remote web server hosts CGIProxy nph-proxy.cgi, a web-based proxy script. This script allows remote users to retrieve any resource via HTTP, HTTPS, or FTP that is accessible from the server the script is running on. C Tenable Network Security, Inc. include"compat.inc"; ifdescription...
CVE-2012-2125
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...
Confluence does not respect HTTPS in Server Base URL when 301 redirecting
We have Confluence setup behind an Apache reverse proxy and our Server Base URL is set to "https://confluence...". However, when Confluence sends out a 301, it always sends the Location: http://confluence..., which then gets redirected by Apache to https://confluence... Confluence should respect...
CVE-2012-0147
Microsoft Forefront Unified Access Gateway UAG 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."...
Opera 'HTTPS-Session' Multiple Vulnerabilities (Linux)
The host is installed with Opera and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperahttpssessionsmultvulnlin.nasl 5931 2017-04-11 09:02:04Z teissa $ Opera 'HTTPS-Session' Multiple Vulnerabilities Linux Authors: Madhuri D Copyright: Copyright c 2012 Greenbone Networks...
Opera 'HTTPS-Session' Multiple Vulnerabilities - Linux
Opera is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RedHat Update for rpm RHSA-2012:0451-01
Check for the Version of rpm OpenVAS Vulnerability Test RedHat Update for rpm RHSA-2012:0451-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
BackupPC < 3.2.1 Multiple XSS Vulnerabilities - Active Check
BackupPC is prone to multiple cross-site scripting XSS vulnerabilities. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Fedora Update for curl FEDORA-2012-0894
Check for the Version of curl OpenVAS Vulnerability Test Fedora Update for curl FEDORA-2012-0894 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Cisco IOS Software Command Security Bypass (cisco-sa-20120328-pai)
According to its self-reported version and configuration, the Cisco IOS software running on the remote device is affected by a security bypass vulnerability in the Authentication, Authorization, and Accounting AAA feature. An authenticated, remote attacker can exploit this, via an HTTP or HTTPS...
CVE-2012-0384
Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended acce...
Authorization
Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended acce...
CVE-2012-0384
Summary: CVE-2012-0384 maps to a Cisco IOS/IOS XE authentication bypass vulnerability where, if AAA authorization is enabled and the HTTP/HTTPS server is active, a remote, authenticated user can bypass access restrictions and execute commands at the user’s authorization level. Affected software i...
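Cisco IOS Authorization Security Bypass Vulnerability (CVE-2012-0384)
Bugtraq ID: 52755 CVE ID: CVE-2012-0384 Cisco IOS is a popular Internet operating system. Cisco IOS allows devices to be managed and monitored over HTTP or HTTPS connections. Cisco IOS command authorization contains a security vulnerability that allows authenticated HTTP or HTTPS sessions to bypass authorization and execute arbitrary Cisco IOS commands at their authorization level. This vulnerability does not allow unauthenticated access; a valid username and password are required to exploit it. In addition, the vulnerability does not allow users to execute commands beyond their own privilege level 0 Cisco IOS XE 2.6.2 Cisco IOS XE 2.6.1 Cisco IOS XE 2.5.2 Cisco IOS XE...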