7607 matches found

The Hacker News
added 2011/11/06 5:35 a.m., 12 views

Duqu Analysis and Detection Tool by NSS Labs

NSS Labs has built a new, free tool that detects known and newly created Duqu drivers that have infiltrated systems, thus allowing security experts to further analyze the "functionality, capabilities and ultimate purpose of DuQu." The Tool is availabl...

AI score 6.8
Exploits 0

Amazon
added 2011/10/31 12:0 a.m., 29 views

Medium: perl-libwww-perl

Issue Overview: The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote...

CVSS 4.3, AI score 6.8, EPSS 0.00137
Exploits 1

UbuntuCve
added 2011/10/28 12:0 a.m., 19 views

CVE-2011-3634

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors...

CVSS 2.6, AI score 5.9, EPSS 0.00163
Exploits 0, References 2

OpenVAS
added 2011/10/25 12:0 a.m., 37 views

phpLDAPadmin 'functions.php' Remote PHP Code Injection Vulnerability

phpLDAPadmin is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possibl...

CVSS 7.5, AI score 0.7, EPSS 0.84398
Exploits 3, References 2

RedHat Linux
added 2011/10/19 5:17 p.m., 1 views

OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity,...

CVSS 6.4, AI score 7.4, EPSS 0.01709
Exploits 1, References 5

RedHat Linux
added 2011/10/19 5:17 p.m., 2 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

CVSS 4.3, AI score 6.7, EPSS 0.03832
Exploits 4, References 4

RedHat Linux
added 2011/10/18 11:19 p.m., 4 views

OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity,...

CVSS 6.4, AI score 7.4, EPSS 0.01709
Exploits 1, References 5

The Hacker News
added 2011/10/14 4:47 p.m., 13 views

GateOne Beta - Terminal emulator for HTML5 web browsers

The software makes use of WebSockets to connect a server backend written in Python and a frontend written for modern browsers in JavaScript, HTML5 and CSS. The frontend doesn't require any browser plug-ins to be installed. Gate One also...

AI score 7
Exploits 0

Gentoo Linux
added 2011/10/13 12:0 a.m., 24 views

Wget: User-assisted file creation or overwrite

Background: GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description: It was discovered that Wget was unsafely trusting server-provided filenames. This allowed attackers to overwrite or create files on the user's system...

CVSS 6.8, AI score 6.8, EPSS 0.03833
Exploits 0

securityvulns
added 2011/10/10 12:0 a.m., 25 views

Cisco Network Admission Control Manager directory traversal

HTTPS directory traversal...

CVSS 7.8, AI score 1.4, EPSS 0.42002
Exploits 2, References 1, Affected Software 1

Amazon
added 2011/10/10 12:0 a.m., 34 views

Medium: ca-certificates

Issue Overview: This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure (PKI). It was found that a Certificate Authority (CA) issued fraudulent HTTPS certificates. This update removes that CA's root certificate from the...

AI score 7
Exploits 0, References 1

seebug.org
added 2011/09/29 12:0 a.m., 89 views

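Microsoft Windows SSL/TLS Information Disclosure Vulnerability

CVE ID: CVE-2011-3389 Microsoft Windows is a very popular operating system released by Microsoft. Microsoft Windows has an information disclosure vulnerability in its implementation of the SSL/TLS protocols; a remote attacker can exploit this vulnerability to disclose sensitive information and hijack user sessions. The vulnerability stems from a design error that arises when the Secure Sockets Layer 3.0 (SSL) and Transport Layer Security 1.0 (TLS) protocols are used with symmetric cipher suites in CBC mode, through which encrypted HTTPS sessions can be attacked by a man-in-the-middle. Microsoft Windows Microsoft Windows XP Home Microsoft Windows ...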

CVSS 4.3, AI score 0.6, EPSS 0.03832
Exploits 4

ThreatPost
added 2011/09/27 4:1 p.m., 7 views

Microsoft Pushes FixIt Tool to Enable Support for Newer TLS Version

Microsoft has released a security advisory about the TLS/SSL attack developed by Juliano Rizzo and Thai Duong and also has made a FixIt tool available to help server administrators switch on support for newer versions of the protocol that aren’t vulnerable to the attack. The Microsoft advisory lay...

AI score 1
Exploits 0, References 5

CERT
added 2011/09/27 12:0 a.m., 354 views

SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes

Overview: A vulnerability in the specification of the SSL 3.0 and TLS 1.0 protocols could allow an attacker to decrypt encrypted traffic. Description: The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and...

CVSS 4.3, AI score 7, EPSS 0.03832
Exploits 4, References 11

The Hacker News
added 2011/09/25 2:45 a.m., 5 views

HTTPS SSL encryption Vulnerable To Crypto Attack

The secure sockets layer (SSL) and transport layer security (TLS) encryption protocol, used by millions of websites to secure Web communications via HTTPS, is vulnerable to being decrypted by attackers. Researchers have discovered a serious weakness in...

AI score 7
Exploits 0

The Hacker News
added 2011/09/25 2:45 a.m., 1 views

HTTPS SSL encryption Vulnerable To Crypto Attack

The secure sockets layer (SSL) and transport layer security (TLS) encryption protocol, used by millions of websites to secure Web communications via HTTPS, is vulnerable to being decrypted by attackers. Researchers have discovered a serious weakness in...

AI score 7.3
Exploits 0

OpenVAS
added 2011/09/23 12:0 a.m., 19 views

CentOS Update for nspr CESA-2011:1282 centos4 i386

The remote host is missing an update for the...

AI score 5.3
Exploits 0, References 2

OpenVAS
added 2011/09/23 12:0 a.m., 11 views

CentOS Update for xulrunner CESA-2011:1242 centos5 i386

The remote host is missing an update for the...

AI score 5.3
Exploits 0, References 2

OpenVAS
added 2011/09/23 12:0 a.m., 17 views

CentOS Update for nspr CESA-2011:1282 centos5 i386

The remote host is missing an update for the...

AI score 5.3
Exploits 0, References 2

OpenVAS
added 2011/09/23 12:0 a.m., 11 views

CentOS Update for xulrunner CESA-2011:1268 centos5 i386

Check for the Version of xulrunner...

AI score 7.4
Exploits 0, References 2