Wget: Certificate validation error

Background GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description The vendor reported that Wget does not properly handle Common Name CN fields in X.509 certificates that contain an ASCII NUL \0 character...

Wyse Device Manager (WDM) HServer and HAgent contain multiple vulnerabilities

Overview Wyse Device Manager WDM Server and HAgent contain several vulnerabilities. An attacker with network access to WDM components could execute arbitrary code on vulnerable systems. Description Wyse Device Manager WDM, formerly known as Wyse Rapport manages thin clients. Part of the server...

[SECURITY] Fedora 10 Update: aria2-1.3.1-2.fc10

aria2 is a download utility with resuming and segmented downloading. Supported protocols are HTTP/HTTPS/FTP/BitTorrent. It also supports Metalink version 3.0. Currently it has following features: - HTTP/HTTPS GET support - HTTP Proxy support - HTTP BASIC authentication support - HTTP Proxy...

SuSE9 Security Update : Tomcat (YOU Patch Number 12078)

Fixed various issues in tomcat : - modjk directory traversal. CVE-2007-1860 - Handling of cookies containing a ' character. CVE-2007-3382 - Handling of a double-quote character in cookies. CVE-2007-3385 - tomcat path traversal / information leak. CVE-2007-5641 - tomcat HTTP Request Smuggling...

Fedora Core 10 FEDORA-2009-9601 (planet)

The remote host is missing an update to planet announced via advisory FEDORA-2009-9601. OpenVAS Vulnerability Test $Id: fcore20099601.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-9601 planet Authors: Thomas Reinke Copyright: Copyright c 2009 E-So...

Fedora Core 10 FEDORA-2009-8770 (fetchmail)

The remote host is missing an update to fetchmail announced via advisory FEDORA-2009-8770. OpenVAS Vulnerability Test $Id: fcore20098770.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-8770 fetchmail Authors: Thomas Reinke Copyright: Copyright c 200...

Hack attack:use sslstrip for MiTM attack(Bypass https)-bug warning-the black bar safety net

Everyone knows, including the network for MiTM attacks can allow an attacker to more efficiently intercepted within the network the user's password and secret information. In BackTrack use EtterCap or ArpSpoof tool. But Ettercap supports the Protocol, only HTTP, FTP, Telnet, SMTP, etc. in clear...

Google Chrome 'JavaScript' And 'HTTPS' Multiple Vulnerabilities (Aug 2009)

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Google Chrome 'JavaScript' And 'HTTPS' Multiple Vulnerabilities - Aug09

This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgooglechromemultvulnaug09.nasl 5055 2017-01-20 14:08:39Z teissa $ Google Chrome 'JavaScript' And 'HTTPS' Multiple Vulnerabilities - Aug09 Authors: Sharath S Copyright: Copyrig...

Detailed description of SSL and TLS Web Security penetration testing-vulnerability warning-the black bar safety net

If the Web Service of the SSL and TLS Protocol security problem, the consequences will be how? Obviously, in this case the attacker can have all your security information, including user name, passwords, credit card, Bank information...... All in all. This article will give the reader a detailed...

CVE-2009-2973

Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the 1 MD2 or 2 MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409...

Design/Logic Flaw

Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the 1 MD2 or 2 MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409...

CVE-2009-2973

Removed by vendor...

CVE-2009-2973

Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the 1 MD2 or 2 MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409...

DSA-1869-1 curl - SSL certificate verification weakness

Bulletin has no description...

Authentication flaw

The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a 1 http or ...

CVE-2009-1048

The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a 1 http or ...

Open redirect

CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issu...

Update Protection against Cisco IOS Administrative Interface HTTP Authentication

Cisco Wireless LAN Controllers WLCs are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service QoS, and mobility. An attacker with access to the administrative web interface via HTTP or HTTPS may cause the device to...

CVE-2009-1167

Unspecified vulnerability on the Cisco Wireless LAN Controller WLC platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules WiSM, WLC Modules for Integrated Services Routers,...