7607 matches found
Debian DSA-2246-1 : mahara - several vulnerabilities
Several vulnerabilities were discovered in Mahara, an electronic portfolio, weblog, and resume builder. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-1402 It was discovered that previous versions of Mahara did not check user credentials before...
Fedora 14 : phpMyAdmin-3.4.1-1.fc14 (2011-7702)
Welcome to phpMyAdmin 3.4, presenting a new default theme. This release contains new features, especially : - User preferences - Relation schema export to multiple formats - ENUM/SET editor - Simplified interface for export/import - AJAXification of some parts - Charts - Visual query builder and...
[SECURITY] [DSA 2246-1] mahara security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2246-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano May 29, 2011 http://www.debian.org/security/faq -...
DSA-2246-1 mahara - several vulnerabilities
Bulletin has no description...
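Perl libwww-perl (LWP) Module SSL Certificate Validation Security Policy Bypass Vulnerability
BUGTRAQ ID: 47895 CVE ID: CVE-2011-0633 CPAN (Comprehensive Perl Archive Network) contains a very large amount of software written in Perl, together with its documentation. The Perl libwww-perl LWP module has a security policy bypass vulnerability in SSL certificate validation; a remote attacker can exploit it to carry out man-in-the-middle attacks or spoof a trusted server. The Net::HTTPS module in libwww-perl LWP before 6.00 (also used in other products, such as WWW::Mechanize,...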
IBM solidDB RPC Test Commands Denial of Service Vulnerabilities
This host is running IBM solidDB and is prone to multiple denial of service vulnerabilities. OpenVAS Vulnerability Test $Id: gbibmsoliddbrpctestsvcdosvuln.nasl 7015 2017-08-28 11:51:24Z teissa $ IBM solidDB RPC Test Commands Denial of Service Vulnerabilities Authors: Antu Sanadi Copyright:...
Vulnerability in Google ClientLogin Protocol!
Vulnerability in Google ClientLogin Protocol! A group of security and privacy researchers from the Institute of Media Informatics at Ulm University in Germany is claiming to have discovered a serious security vulnerability in Google's ClientLogin protocol. In a recent analysis of the Android...
CVE-2011-0633
The Net::HTTPS module in libwww-perl LWP before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof...
CVE-2011-1406
Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login...
Design/Logic Flaw
The Net::HTTPS module in libwww-perl LWP before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof...
CVE-2011-0633
CVE-2011-0633 affects libwww-perl’s Net::HTTPS usage (prior to 6.00) as used by WWW::Mechanize and LWP::UserAgent. When environments do not set the If-SSL-Cert-Subject header, full SSL certificate validation is not enabled by default, enabling MITM-style spoofing via hostnames that are not proper...
CVE-2011-1406
CVE-2011-1406 affects Mahara prior to 1.3.6. If wwwroot is configured to HTTPS but the web server serves content over HTTP as well, users can log in via HTTP and credentials may be sniffed. Debian/OpenVAS advisories mirror this issue and recommend upgrading Mahara to the fixed version (1.3.6 or l...
Debian: Security Advisory (DSA-2199-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 2200-1 (iceweasel)
The remote host is missing an update to iceweasel announced via advisory DSA 2200-1. OpenVAS Vulnerability Test $Id: deb22001.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2200-1 iceweasel Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
Debian Security Advisory DSA 2203-1 (nss)
The remote host is missing an update to nss announced via advisory DSA 2203-1. OpenVAS Vulnerability Test $Id: deb22031.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2203-1 nss Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...