7607 matches found
7 Ways to Improve Your Network's Web Security
Admins looking to improve on their company's web security often turn to software solutions to help assess and automate their security tasks. Good web security software can make surfing the web safe and secure by protecting users from potential...
Firefox Users to Get Secure Google Search by Default
Mozilla has made a small but important change to the way that its Firefox browser handles search queries directed to Google, making the search provider’s encrypted search service the default option. The modification is not in the stable version of Firefox yet, but users who download the dai...
Innominate MGuard Weak HTTPS and SSH Keys
Overview: An independent research group comprised of Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman identified an insufficient entropy vulnerability in Innominate’s mGuard network appliance product line. By impersonating the device, an attacker can obtain the credentials of...
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage:...
Ubuntu Update for ubuntuone-couch USN-1381-1
Ubuntu Update for Linux kernel vulnerabilities USN-1381-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN13811.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for ubuntuone-couch USN-1381-1 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH,...
Ubuntu: Security Advisory (USN-1381-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[USN-1375-1] httplib2 vulnerability
Ubuntu Security Notice USN-1375-1 February 27, 2012 python-httplib2 vulnerability. A security issue affects these releases of Ubuntu and its...
AneCMS v. 2e2c583 local file inclusion flaw and fix - vulnerability alert - Black Bar Safety Net
Title: AneCMS v. 2e2c583 LFI exploit Author: I2sec-PJH Software development website: https://github.com/AneGroup/AneCMS Affected version: v. 2e2c583 Overview: the source of the index.php page contains a flaw. Code analysis is as follows: 1. if(isset($_GET['p'])) 2. include './pages/'.$_GET['p'].'...
Sysax SSH Username Remote Code Execution
Added: 03/06/2012 BID: 52190 OSVDB: 79689 Background: Sysax Multi Server is a Secure FTP Server and SSH2 Secure Shell Server combined into a single product. It simultaneously supports remote access and file transfer using FTP, FTPS, SFTP, Telnet, and Secure Shell. It also supports web based file...
Ubuntu 11.10 : ubuntuone-couch vulnerability (USN-1381-1)
It was discovered that Ubuntu One Couch did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information. Note that Tenable Network...
EFF's HTTPS Everywhere Plugin Detects Bad Certs, Security Flaws
The EFF has released a new version of its HTTPS Everywhere browser extension, and users can now turn on a feature that will send the EFF copies of digital certificates that the browser encounters, allowing the organization to look for flawed, fake or expired certificates. The new capability is...
USN-1381-1: Ubuntu One Couch vulnerability
It was discovered that Ubuntu One Couch did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information...
CVE-2012-0370
Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2) HTTPS packets, aka Bug ID CSCtt47435...
Code injection
Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2) HTTPS packets, aka Bug ID CSCtt47435...
CVE-2012-0370
CVE-2012-0370 affects Cisco Wireless LAN Controllers (WLC) with Cisco WLC software versions 4.x, 5.x, 6.0 and 7.0 before 7.0.220.0, and 7.1 before 7.1.91.0, when WebAuth is enabled. The WebAuth Denial of Service vulnerability allows an unauthenticated remote attacker to cause a device reload by s...
HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...
OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity,...
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : python-httplib2 vulnerability (USN-1375-1)
The httplib2 Python library earlier than version 0.7.0 did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information in applications...
USN-1375-1: httplib2 vulnerability
The httplib2 Python library earlier than version 0.7.0 did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information in...