7607 matches found
PHP 5.3.x Hash Collision Proof Of Concept Code
''' This script was written by Christian Mehlmauer Original PHP Payloadgenerator taken from https://github.com/koto/blog-kotowicz-net-examples/tree/master/hashcollision CVE : CVE-2011-4885 requires Python 2.7 Examples: - Make a single Request, wait for the response and save the response to...
[SECURITY] [DSA 2368-1] lighttpd security update
Debian Security Advisory DSA-2368-1 [email protected] http://www.debian.org/security/ Nico Golde Dec 20th, 2011 http://www.debian.org/security/faq -...
CVE-2011-4849
The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by help.php a...
CVE-2011-4728
The Server Administration Panel in Parallels Plesk Panel 10.2.0build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies us...
Design/Logic Flaw
The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by help.php a...
CVE-2011-4849
The CVE-2011-4849 entry affects Parallels Plesk Panel 10.4.4_build20111103.18, where the Control Panel does not set the Secure flag on cookies during HTTPS sessions. This can allow an attacker to capture the cookies by intercepting HTTP traffic, as demonstrated by cookies used by help.php and oth...
SuSE 10 Security Update : Mozilla XULrunner (ZYPP Patch Number 7427)
Mozilla XULRunner 1.9.1 was updated to version 1.9.1.18 to fix the following security issue : - Several invalid HTTPS certificates were placed on the certificate blacklist to prevent their misuse. MFSA 2011-11 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugi...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7421)
MozillaFirefox was updated to version 3.6.16 to fix several security issues : - Several invalid HTTPS certificates were placed on the certificate blacklist to prevent their misuse. MFSA 2011-11 - Several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products hav...
[SECURITY] Fedora 15 Update: nginx-1.0.10-1.fc15
Nginx engine x is an HTTPS server, HTTPS reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev...
Your Android Phone is Spying On You, Use custom ROM To Protect your Privacy
Your Android Phone is Spying On You, Use custom ROM To Protect your Privacy In this digital age, privacy is more important than ever. Just because you "don't have anything to hide," does not mean that you shouldn't value your privacy or fight for it when companies do things like this, especially...
Fedora 14 : nss-3.12.10-7.fc14 (2011-15586)
This security update revokes trust in DigiCert Sdn. Bhd Intermediate Certificate Authority from NSS - rhbz751674 It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority CA issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed...
Google Implements Forward Secrecy
Google is stepping up their security game in a big way for the second time this year: introducing a more secure browsing method known as forward secrecy in Gmail and a number of other Web-based services, according to a post on the GoogleOnlineSecurity blog. In recent months, the Silicon Valley...
Medium: nss
Issue Overview: It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority CA issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and co...
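Apple iOS CFNetwork Sensitive Information Disclosure Vulnerability
CVE ID: CVE-2011-3246 Apple iOS is the latest operating system running on Apple iPhone and iPod touch devices. CFNetwork has a flaw in how it handles maliciously crafted URLs: when a crafted HTTP or HTTPS URL is accessed, CFNetwork navigates to an incorrect server. Apple iOS 5.x for iPhone 3GS and later Apple iOS for iPod touch 5.x Vendor solution: users can refer to the following vendor security advisory for patch information: http://support.apple.com/kb/HT5052...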
Researchers Crack Siri Protocol
Researchers cracked the pride of Apple’s latest iPhone iteration yesterday, reverse-engineering the language processing, interactive personal assistant application called Siri. On their blog, the researchers from Applidium posted a demo and directions that will allow users to install and use the...
CentOS 4 / 5 : nss (CESA-2011:1444)
Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Network Security Services NSS is a set of libraries designed to support the development of...
RedHat Update for nss RHSA-2011:1444-01
Check for the Version of nss OpenVAS Vulnerability Test RedHat Update for nss RHSA-2011:1444-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
CentOS Update for nss CESA-2011:1444 centos4 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS Update for nss CESA-2011:1444 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
RHEL 4 / 5 / 6 : nss (RHSA-2011:1444)
Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Network Security Services NSS is a set of libraries designed to support the development of...