
7690 matches found

OSV
added 2017/09/01 1:29 p.m. | 29 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

CVSS 5.9 | AI score 6.3
Exploits 0 | References 1
Cvelist
added 2017/09/01 1:00 p.m. | 44 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

AI score 5.4 | EPSS 0.00875
Exploits 0 | References 1
Debian CVE
added 2017/09/01 1:00 p.m. | 27 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

CVSS 5.9 | AI score 5.4 | EPSS 0.00875
Exploits 0
Apple
added 2017/08/30 12:00 a.m. | 20 views

About the security content of Apple Support 1.2 for iOS

About the security content of Apple Support 1.2 for iOS This document describes the security content of Apple Support 1.2 for iOS. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patche...

CVSS 5.3 | AI score 5.4 | EPSS 0.00918
Exploits 1 | References 1 | Affected Software 1
ThreatPost
added 2017/08/29 3:12 p.m. | 7 views

Google Reminding Admins HTTP Pages Will Be Marked 'Not Secure' in October

Google began sending out notices to site owners this month, reminding those who haven’t yet migrated from HTTP to HTTPS that in October their sites will be marked “NOT SECURE.” The warnings are directed to owners of HTTP pages that contain forms, specifically sites that include text input fields...

AI score 6.9
Exploits 0 | References 7
Hacker One
added 2017/08/26 9:22 a.m. | 26 views

GSA Bounty: federalist.18f.gov vulnerable to Sweet32 attack

The researcher noted that federalist.18f.gov allows use of the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher, which is now marked as "weak" in SSL Labs because of risks of MitM attacks given this vulnerability: https://sweet32.info/, which requires monitoring of a long-lived HTTPS connection. We inherit this...

AI score 0.3
Exploits 0
0day.today
added 2017/08/23 12:00 a.m. | 46 views

WebClientPrint Processor 2.0.15.109 TLS Validation Vulnerability

RedTeam Pentesting discovered that WebClientPrint Processor (WCPP) does not validate TLS certificates when initiating HTTPS connections. Thus, a man-in-the-middle attacker may intercept and/or modify HTTPS traffic in transit. This may result in a disclosure of sensitive information and the integrit...

AI score 6.4
Exploits 0
Packet Storm
added 2017/08/23 12:00 a.m. | 68 views

WebClientPrint Processor 2.0.15.109 TLS Validation

Advisory: WebClientPrint Processor 2.0: No Validation of TLS Certificates. RedTeam Pentesting discovered that WebClientPrint Processor (WCPP) does not validate TLS certificates when initiating HTTPS connections. Thus, a man-in-the-middle attacker may intercept and/or modify HTTPS traffic in transit...

AI score 7.4
Exploits 0
Openbugbounty
added 2017/08/22 12:51 a.m. | 10 views

systec.fe.up.pt XSS vulnerability

Vulnerable URL: http://systec.fe.up.pt/index.php/component/finder/search?q=%22%20onmouseover=%22prompt%27OpenBugBounty%27%5B%5D=%5B%5D=%5B%5D=%5B%5D==101
Details:
Patched: No
Latest check for patch: 20.11.2017
Vulnerability type: XSS
Vulnerability status: Publicly...

AI score 6.3
Exploits 0
Tenable Nessus
added 2017/08/22 12:00 a.m. | 52 views

Scientific Linux Security Update : python on SL7.x x86_64 (20170801)

Security Fixes : - The Python standard library HTTP client modules such as httplib or urllib did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data...

CVSS 5.8 | AI score 6.9 | EPSS 0.03269
Exploits 1 | References 2
Citrix
added 2017/08/21 12:00 a.m. | 7 views

Receiver 4.8 - Unable to open the URL - "Only Http and Https Urls can be opened"

When launching published content from Receiver 4.6 and later versions, we get the error: "Only Http and Https Urls can be opened"...

AI score 7.1
Exploits 0
exploitpack
added 2017/08/18 12:00 a.m. | 70 views

Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution

This is an advisory for CVE-2017-6327, an unauthenticated remote code execution flaw in the web interface of Symantec Messaging Gateway prior to and including version 10.6.3-2, which can be used to execute commands as roo...

CVSS 6.5 | AI score 0.4 | EPSS 0.35341
Exploits 7
Hacker One
added 2017/08/16 1:15 a.m. | 28 views

Legal Robot: Futureoflife organization URL should be HTTPS

SUMMARY: This is just for awareness to use HTTPS everywhere, even for outgoing links, where possible. Treat this report with some salt, not as in hashes. Navigate to: https://www.legalrobot-uat.com/faq/ The futureoflife organization URL redirects to HTTPS after click, but the cookie is sent on th...

AI score 0.3
Exploits 0
RedHat Linux
added 2017/08/15 6:23 p.m. | 2 views

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

CVSS 9.8 | AI score 7.3 | EPSS 0.19953
Exploits 0 | References 6
RedHat Linux
added 2017/08/15 6:11 p.m. | 5 views

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

CVSS 9.8 | AI score 7.3 | EPSS 0.19953
Exploits 0 | References 6
Hacker One
added 2017/08/15 12:07 p.m. | 18 views

Legal Robot: observer.com URL should be HTTPS

Summary: This is just for awareness to use HTTPS everywhere, even for outgoing links, where possible. Treat this report with some salt, not as in hashes. Navigate to: https://www.legalrobot-uat.com/press/ Example page: in the lower part, where you find the observer.com link: observer...

AI score 7
Exploits 0
ThreatPost
added 2017/08/15 10:36 a.m. | 13 views

Spam Domains Imitating Popular Banks Spreading Trickbot Banking Trojan

Santander Bank customers should be aware of an effective spam campaign spreading the Trickbot banking Trojan that is coming from domains similar to those used by the financial institution. Researchers at My Online Security and the SANS Institute’s Internet Storm Center say that Santander is not t...

AI score 0.1
Exploits 0 | References 3
Fedora
added 2017/08/14 12:56 a.m. | 46 views

[SECURITY] Fedora 25 Update: curl-7.51.0-9.fc25

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 6.5 | EPSS 0.03958
Exploits 0
Fedora
added 2017/08/13 8:56 p.m. | 30 views

[SECURITY] Fedora 26 Update: curl-7.53.1-10.fc26

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 6.5 | EPSS 0.03958
Exploits 0
Ubuntu
added 2017/08/11 6:19 a.m. | 73 views

USN-3388-1: Subversion vulnerabilities

Joern Schneeweisz discovered that Subversion did not properly handle host names in 'svn+ssh://' URLs. A remote attacker could use this to construct a subversion repository that when accessed could run arbitrary code with the privileges of the user. CVE-2017-9800 Daniel Shahaf and James McCoy...

CVSS 9.8 | AI score 7.3 | EPSS 0.18892
Exploits 3