7607 matches found
CVE-2010-3900
Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312...
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6657)
The TLS/SSLv3 protocol as implemented in OpenSSL prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests into an HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to this kind of...
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6655)
The TLS/SSLv3 protocol as implemented in OpenSSL prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests into an HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to this kind of...
Non-secure content warning in IE8 on the Dashboards screen caused by the wiki renderer
Wiki renderer-generated contents e.g. in the activity stream include references to icons with http prefix that cause IE8 to generate security warnings for JIRA instances accessible via HTTPS. To reproduce it, have contents in the activity stream gadget contain icons included by the wiki renderer,...
firefox, nspr, nss, xulrunner security update
CentOS Errata and Security Advisory CESA-2010:0681 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVS...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...
VPSProxy (PHP Secure proxy + GUI)
PHP Secure proxy is a program for tunneling HTTP/HTTPS traffic through a PHP gate. I was prompted to write it by bons's idea, whose implementation lacked the functionality I needed and, most importantly, a GUI. Features: + HTTPS support for PHP gates. + HTTPS traffic tunneling added in...
Unfixed XSS vulnerability at www.extrakredit.de
Security researcher Venom23 submitted on 09/04/2010 a cross-site-scripting (XSS) vulnerability affecting www.extrakredit.de, which at the time of submission ranked 2068350 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/07/2010. It is...
Firefox 4 to Include HTTP Strict Transport Security Support
In an effort to help mitigate man-in-the-middle attacks that make normal HTTP connections look like secured HTTPS sessions, Mozilla is adding support in Firefox 4 for a new technology called HTTP Strict Transport Security that enables site operators to tell browsers to always request an HTTPS...
[SECURITY] Fedora 14 Update: openconnect-2.25-1.fc14
This package provides a client for Cisco's "AnyConnect" VPN, which uses HTTPS and DTLS protocols...
Fedora Update for openconnect FEDORA-2010-12253
Check for the Version of openconnect. OpenVAS Vulnerability Test: Fedora Update for openconnect FEDORA-2010-12253. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it und...
Fedora Update for openconnect FEDORA-2010-12257
Check for the Version of openconnect. OpenVAS Vulnerability Test: Fedora Update for openconnect FEDORA-2010-12257. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it und...
[SECURITY] Fedora 13 Update: openconnect-2.25-1.fc13
This package provides a client for Cisco's "AnyConnect" VPN, which uses HTTPS and DTLS protocols...
[SECURITY] Fedora 12 Update: openconnect-2.25-1.fc12
This package provides a client for Cisco's "AnyConnect" VPN, which uses HTTPS and DTLS protocols...
tomcat5 SSO cookie login information disclosure
The SingleSignOn Valve org.apache.catalina.authenticator.SingleSignOn in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
Internet Explorer HTTPS Proxy (CVE-2005-2830)
Microsoft Internet Explorer is a popular web browser bundled with the Microsoft Windows operating system. The browser is capable of communication with HTTP and HTTPS compliant servers. The browser may also be set up to use a proxy for accessing remote resources. An information disclosure...
USN-957-1: Firefox and Xulrunner vulnerabilities
Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212 A...