7601 matches found

Prion
added 2010/02/11 5:30 p.m., 9 views

Code injection

Unspecified vulnerability in the administrative interface in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPo...

CVSS 7.8, AI score 7.2, EPSS 0.00177
Exploits 1, References 3, Affected Software 2

Prion
added 2010/02/11 5:30 p.m., 17 views

Code injection

Unspecified vulnerability in the WebSafe DistributorServlet in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka...

CVSS 7.8, AI score 7.2, EPSS 0.00163
Exploits 1, References 3, Affected Software 2

CVE
added 2010/02/11 5:0 p.m., 61 views

CVE-2010-0143

CVE-2010-0143 affects Cisco IronPort Encryption Appliance and IronPort PostX MAP prior to versions 6.2.9.1/6.5.2 (and MAP before 6.2.9.1). The vulnerability is an unspecified information-disclosure in the embedded HTTPS server’s administrative interface, allowing remote attackers to read arbitrar...

CVSS 7.8, AI score 6.8, EPSS 0.00177
Exploits 1, References 3, Affected Software 2

Cvelist
added 2010/02/11 5:0 p.m., 15 views

CVE-2010-0143

Unspecified vulnerability in the administrative interface in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPo...

AI score 6.6, EPSS 0.00177
Exploits 1, References 3

Cvelist
added 2010/02/11 5:0 p.m., 15 views

CVE-2010-0144

Unspecified vulnerability in the WebSafe DistributorServlet in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka...

AI score 6.6, EPSS 0.00163
Exploits 1, References 3

CVE
added 2010/02/11 5:0 p.m., 47 views

CVE-2010-0145

Cisco IronPort Encryption Appliance versions 6.2.x before 6.2.9.1, 6.5.x before 6.5.2, and IronPort PostX MAP before 6.2.9.1 are affected by CVE-2010-0145. The vulnerability is a remote code execution flaw in the embedded HTTPS server (IronPort Bug 65923) that allows an unauthenticated, remote at...

CVSS 10, AI score 7.8, EPSS 0.01356
Exploits 1, References 3, Affected Software 2

ThreatPost
added 2010/02/10 8:9 p.m., 8 views

Researchers Discover New ACH Banker Trojan

Malware hunters at SecureWorks have intercepted a new banker Trojan being used by cyber-criminals to steal financial credentials from banks in the U.S. The Trojan, dubbed “Bugat,” targets Automated Clearing House ACH and wire transfer transactions by small- and mid-sized business in the U.S., muc...

AI score 0.5
Exploits 0, References 2

securityvulns
added 2010/02/10 12:0 a.m., 127 views

Aruba Advisory ID: AID-020810 TLS Protocol Session Renegotiation Security Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aruba Networks Security Advisory Title: TLS Protocol Session Renegotiation Security Vulnerability Aruba Advisory ID: AID-020810 Revision: 1.0 For Public Release on 02/08/2010 +---------------------------------------------------- SUMMARY This advisory...

CVSS 5.8, AI score 8.8, EPSS 0.03741
Exploits 14

Check Point Advisories
added 2010/02/09 12:0 a.m., 9 views

Preemptive Protection against TLS and SSL Spoofing Vulnerability

Transport Layer Security TLS and Secure Sockets Layer SSL are cryptographic protocols that provide security for communications over networks. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end. A spoofing vulnerability exists in multiple implementations of...

CVSS 5.8, AI score 6.7, EPSS 0.03741
Exploits 14

Check Point Advisories
added 2010/02/09 12:0 a.m., 2 views

Internet Explorer Install Engine Buffer Overflow (CVE-2004-0216)

Microsoft Internet Explorer is a popular web browser bundled with the Microsoft Windows operating system. The browser is capable of communicating with HTTP and HTTPS compliant servers. The browser also has the capability to launch locally-installed libraries, or ActiveX controls, embedded in web...

CVSS 10, AI score 7.5, EPSS 0.54874
Exploits 0

securityvulns
added 2010/02/04 12:0 a.m., 28 views

iPhone certificate flaws

iPhones can be configured over the air by inviting users to download .mobileconfig files from a URL. This feature is used by large companies and universities to distribute various settings to a large number of iPhones. For security reasons, these files need to be cryptographically signed to be...

AI score 0.6
Exploits 0

ThreatPost
added 2010/01/13 6:41 p.m., 7 views

GMail Goes "https-only" By Default

A day after confirming a major security breach by Chinese hackers looking for GMail account information, Google has turned on default “https:” access for its popular Web mail service. Google had previously added the option for GMail users to “always use https” back in July 2008 but it was turned...

AI score 7.1
Exploits 0, References 6

Atlassian
added 2009/12/24 12:36 a.m., 28 views

Unable to use HTTPS for login only

If you setup the urlrewrite.xml like so: noformat ^/s/.//download/images/^?. /images/$2 ^/s/.//^?. /$2 ^/login.action https https://localhost:8443/login.action ^/dologin.action https https://localhost:8443/dologin.action ^/. https /login.action. /dologin.action. /s/. http://localhost:8080/$...

AI score 7
Exploits 0, Affected Software 1

UbuntuCve
added 2009/12/23 6:30 p.m., 16 views

CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5, AI score 5.9, EPSS 0.00319
Exploits 2, References 1

Prion
added 2009/12/23 6:30 p.m., 19 views

Session fixation

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5, AI score 6.8, EPSS 0.00319
Exploits 2, References 4, Affected Software 1

OSV
added 2009/12/23 6:30 p.m., 1 views

UBUNTU-CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5, AI score 5.8, EPSS 0.00319
Exploits 2, References 2

NVD
added 2009/12/23 6:30 p.m., 16 views

CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5, AI score 6.3, EPSS 0.00319
Exploits 2, References 4

Debian CVE
added 2009/12/23 6:0 p.m., 16 views

CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5, AI score 3.3, EPSS 0.00319
Exploits 2

CVE
added 2009/12/23 6:0 p.m., 52 views

CVE-2009-3584

CVE-2009-3584 involves SQL-Ledger 2.8.24 where the session cookie’s secure flag is not set in HTTPS, enabling potential cookie interception in HTTP sessions. The available connected sources confirm the affected product (SQL-Ledger 2.8.24) and the vulnerability class (cookie security flag misconfi...

CVSS 5, AI score 6.2, EPSS 0.00319
Exploits 2, References 4, Affected Software 1

Cvelist
added 2009/12/23 6:0 p.m., 20 views

CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

AI score 6.3, EPSS 0.00319
Exploits 2, References 4