CVE-2017-12870
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...
About the security content of Apple Support 1.2 for iOS
About the security content of Apple Support 1.2 for iOS This document describes the security content of Apple Support 1.2 for iOS. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patche...
Google Reminding Admins HTTP Pages Will Be Marked 'Not Secure' in October
Google began sending out notices to site owners this month, reminding those who haven’t yet migrated from HTTP to HTTPS that in October their sites will be marked “NOT SECURE.” The warnings are directed to owners of HTTP pages that contain forms, specifically sites that include text input fields...
GSA Bounty: federalist.18f.gov vulnerable to Sweet32 attack
The researcher noted that federalist.18f.gov allows use of the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher, which is now marked as "weak" in SSL Labs because of risks of MitM attacks given this vulnerability: https://sweet32.info/, which requires monitoring of a long-lived HTTPS connection. We inherit this...
WebClientPrint Processor 2.0.15.109 TLS Validation Vulnerability
RedTeam Pentesting discovered that WebClientPrint Processor WCPP does not validate TLS certificates when initiating HTTPS connections. Thus, a man-in-the-middle attacker may intercept and/or modify HTTPS traffic in transit. This may result in a disclosure of sensitive information and the integrit...
WebClientPrint Processor 2.0.15.109 TLS Validation
Advisory: WebClientPrint Processor 2.0: No Validation of TLS Certificates RedTeam Pentesting discovered that WebClientPrint Processor WCPP does not validate TLS certificates when initiating HTTPS connections. Thus, a man-in-the-middle attacker may intercept and/or modify HTTPS traffic in transit...
systec.fe.up.pt XSS vulnerability
Vulnerable URL: http://systec.fe.up.pt/index.php/component/finder/search?q=%22%20onmouseover=%22prompt%27OpenBugBounty%27%5B%5D=%5B%5D=%5B%5D=%5B%5D==101 Details: Patched: No; Latest check for patch: 20.11.2017; Vulnerability type: XSS; Vulnerability status: Publicly...
Scientific Linux Security Update : python on SL7.x x86_64 (20170801)
Security Fixes : - The Python standard library HTTP client modules such as httplib or urllib did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data...
Receiver 4.8 - Unable to open the URL - "Only Http and Https Urls can be opened"
When launching published content from Receiver 4.6 and later versions, we get the error: "Only Http and Https Urls can be opened"...
Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution
Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution This is an advisory for CVE-2017-6327 which is an unauthenticated remote code execution flaw in the web interface of Symantec Messaging Gateway prior to and including version 10.6.3-2, which can be used to execute commands as roo...
Legal Robot: Futureoflife organization URL should be HTTPS
SUMMARY This is just for the awareness to use HTTPS everywhere, even for outgoing links - where it's possible. Treat this report with some salt, not as in hashes. Navigate to: https://www.legalrobot-uat.com/faq/ futureoflife organization URL redirect to HTTPS after click, but cookie is sent on th...
httpd: mod_ssl NULL pointer dereference
A NULL pointer dereference flaw was found in httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...
Legal Robot: observer.com URL should be HTTPS
Summary This is just for the awareness to use HTTPS everywhere, even for outgoing links - where it's possible. Treat this report with some salt, not as in hashes. Navigate to: https://www.legalrobot-uat.com/press/ Example page In the lower part where you find the observer.com Link: observer...
Spam Domains Imitating Popular Banks Spreading Trickbot Banking Trojan
Santander Bank customers should be aware of an effective spam campaign spreading the Trickbot banking Trojan that is coming from domains similar to those used by the financial institution. Researchers at My Online Security and the SANS Institute’s Internet Storm Center say that Santander is not t...
[SECURITY] Fedora 25 Update: curl-7.51.0-9.fc25
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
[SECURITY] Fedora 26 Update: curl-7.53.1-10.fc26
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
USN-3388-1: Subversion vulnerabilities
Joern Schneeweisz discovered that Subversion did not properly handle host names in 'svn+ssh://' URLs. A remote attacker could use this to construct a subversion repository that when accessed could run arbitrary code with the privileges of the user. CVE-2017-9800 Daniel Shahaf and James McCoy...