Lucene search

7588 matches found

CVE
added 2008/07/14 11:0 p.m. | 38 views

CVE-2008-3171

CVE-2008-3171 concerns Apple Safari leaking Referer headers that contain https URLs to other https sites. The description indicates this can let remote attackers obtain potentially sensitive information by reading Referer log data. Affected software is Safari; the root cause is the inclusion of h...

CVSS 5 | AI score 5.7 | EPSS 0.0026
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2008/07/14 11:0 p.m. | 15 views

CVE-2008-3171

Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data...

AI score 5.6 | EPSS 0.0026
Exploits 0 | References 3
CVE
added 2008/07/14 11:0 p.m. | 43 views

CVE-2003-1561

Technical details about CVE-2003-1561 are not publicly provided in the supplied documents; no patched versions, affected products, or impact specifics are included. Monitor for updates.

CVSS 4.3 | AI score 6.6 | EPSS 0.0025
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2008/07/14 11:0 p.m. | 12 views

CVE-2003-1560

Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data...

AI score 6.2 | EPSS 0.0025
Exploits 0 | References 2
Tenable Nessus
added 2008/07/04 12:0 a.m. | 23 views

Opera < 9.51 Multiple Vulnerabilities

The version of Opera installed on the remote host reportedly is affected by several issues : - Specially crafted HTML canvas elements could reveal data from random areas of memory. - An unspecified arbitrary code execution vulnerability. - Improperly set security status when navigating from HTTP ...

CVSS 10 | AI score 6.4 | EPSS 0.00997
Exploits 0 | References 4
Prion
added 2008/06/05 9:32 p.m. | 7 views

Design/Logic Flaw

CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP...

CVSS 5 | AI score 7.2 | EPSS 0.0025
Exploits 0 | References 2 | Affected Software 1
NVD
added 2008/06/05 9:32 p.m. | 7 views

CVE-2008-2558

CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP...

CVSS 5 | AI score 6.7 | EPSS 0.0025
Exploits 0 | References 2
CVE
added 2008/06/05 9:0 p.m. | 30 views

CVE-2008-2558

CVE-2008-2558 affects CRE Loaded 6.2.13.1 and earlier. The issue is that cookies sent over HTTPS do not set the Secure attribute, potentially allowing cookie sniffing if transmitted over HTTP. Affected software: CRE Loaded 6.2.13.1 and earlier. Underlying cause: lack of Secure flag on HTTPS cooki...

CVSS 5 | AI score 6.7 | EPSS 0.0025
Exploits 0 | References 2 | Affected Software 1
securityvulns
added 2008/06/05 12:0 a.m. | 31 views

Cisco PIX / ASA multiple security vulnerabilities

TCP ACKs DoS, TLS DoS, instant messenger DoS, HTTPs request parsing DoS, Control-plane ACLs feature bypass...

CVSS 7.8 | AI score 1.3 | EPSS 0.01918
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2008/05/06 12:0 a.m. | 37 views

Novell eDirectory unauthenticated access to SOAP interface

= Affected software : Editor : Novell Name : eDirectory Version : 8.7.x see note and 8.8.2 Services : TCP/8028 HTTP and TCP/8030 HTTPS = External references : http://www.novell.com/support/viewContent.do?externalId=3866911&sliceId=1 https://vulners.com/cve/CVE-2008-0926 = Technical details : A SO...

CVSS 7.5 | AI score 6.2 | EPSS 0.72283
Exploits 3
securityvulns
added 2008/05/06 12:0 a.m. | 37 views

Novell eDirectory DoS via HTTP headers

= Affected software : Editor : Novell Name : eDirectory Version : 8.7.3 SP 10 and 8.8.2 Services : TCP/8028 HTTP and TCP/8030 HTTPS = External references : http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1 https://vulners.com/cve/CVE-2008-0927 = Technical details : The...

CVSS 5 | AI score 6 | EPSS 0.77052
Exploits 6
Packet Storm
added 2008/05/06 12:0 a.m. | 27 views

novelledir-dos.txt

= Affected software : Editor : Novell Name : eDirectory Version : 8.7.3 SP 10 and 8.8.2 Services : TCP/8028 HTTP and TCP/8030 HTTPS = External references : http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0927 =...

CVSS 5 | AI score 6.5 | EPSS 0.77052
Exploits 6
seebug.org
added 2008/04/15 12:0 a.m. | 23 views

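OmniPCX Office Remote Information Disclosure Vulnerability

BUGTRAQ ID: 28758 CVECAN ID: CVE-2008-1331 Alcatel's OmniPCX Office is a unified communications solution designed for small and medium-sized enterprises. A CGI script used by the Internet Access service of OmniPCX Office does not properly filter certain parameters, allowing remote attackers to retrieve sensitive information from the Internet. Alcatel-Lucent OmniPCX Office = 210/061.1 Temporary workaround: If you cannot install the patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the threat: Disable WBM/WCA access from the Internet. For versions R2.1 to R4.1:...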

CVSS 10 | AI score 6.4 | EPSS 0.58502
Exploits 1
Tenable Nessus
added 2008/03/28 12:0 a.m. | 21 views

Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : ruby1.8 vulnerabilities (USN-596-1)

Chris Clark discovered that Ruby's HTTPS module did not check for commonName mismatches early enough during SSL negotiation. If a remote attacker were able to perform man-in-the-middle attacks, this flaw could be exploited to view sensitive information in HTTPS requests coming from Ruby...

CVSS 5 | AI score 7.2 | EPSS 0.07714
Exploits 1 | References 3
Ubuntu
added 2008/03/26 9:43 p.m. | 48 views

USN-596-1: Ruby vulnerabilities

Chris Clark discovered that Ruby's HTTPS module did not check for commonName mismatches early enough during SSL negotiation. If a remote attacker were able to perform machine-in-the-middle attacks, this flaw could be exploited to view sensitive information in HTTPS requests coming from Ruby...

CVSS 5 | AI score 7.3 | EPSS 0.07714
Exploits 1
seebug.org
added 2008/03/20 12:0 a.m. | 36 views

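Multiple Security Vulnerabilities in Apple Safari Versions Before 3.1

BUGTRAQ ID: 28290 CVECAN ID: CVE-2008-1011,CVE-2008-1010,CVE-2008-1009,CVE-2008-1008,CVE-2008-1007,CVE-2008-1006,CVE-2008-1005,CVE-2008-1004,CVE-2008-1003,CVE-2008-1002,CVE-2008-1001,CVE-2008-0050 Safari is the web browser bundled by default with Apple's family of operating systems. Safari 3.1 fixes multiple security vulnerabilities, as follows: CVE-2008-0050 A malicious HTTPS proxy server may, in a 502 Bad...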

CVSS 6.8 | AI score 6.4 | EPSS 0.0672
Exploits 2
Prion
added 2008/03/18 10:44 p.m. | 13 views

Design/Logic Flaw

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error...

CVSS 5 | AI score 6.5 | EPSS 0.0074
Exploits 1 | References 14 | Affected Software 2
NVD
added 2008/03/18 10:44 p.m. | 14 views

CVE-2008-0050

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error...

CVSS 5 | AI score 6.1 | EPSS 0.0074
Exploits 1 | References 14
CVE
added 2008/03/18 10:0 p.m. | 43 views

CVE-2008-0050

CVE-2008-0050 : The issue affects CFNetwork in Apple Mac OS X 10.4.11. A remote HTTPS proxy server can spoof secure websites by embedding data in a 502 Bad Gateway response, potentially misleading users about the authenticity of the site. The available description states the vulnerability and its...

CVSS 5 | AI score 8.5 | EPSS 0.0074
Exploits 1 | References 14 | Affected Software 2
Cvelist
added 2008/03/18 10:0 p.m. | 13 views

CVE-2008-0050

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error...

AI score 8.5 | EPSS 0.0074
Exploits 1 | References 14