7687 matches found
Unverified SSL Certificates
hammercli uses unverified SSL certificates by default. When hammercli initiates HTTPS connections using apipie-binding and rest-clients, it doesn't verify that the SSL certificate is correct. This allows man-in-the-middle (MitM) attacks...
Man-in-the-Middle (MitM)
ansible is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists because the get_url and uri modules do not adequately validate HTTPS certificates. Therefore, they fail to catch the mismatch between the server hostname and a domain name in the subject's Common Name (CN) or...
RubyGems: Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier
Description: The RubyGems client supports a gem server API discovery functionality, which is used when pushing or pulling gems to a gem distribution/hosting server, like RubyGems.org. This functionality is provided via a SRV DNS request to the user's gem source hostname prepended with...
DEBIAN-CVE-2008-7313
The httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796...
UBUNTU-CVE-2008-7313
The httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796...
Insecure Client-Access Policy
The browser security model normally prevents web content from one domain from accessing data from another domain. This is commonly known as the "same origin policy". URL policy files grant cross-domain permissions for reading data. They permit operations that are not permitted by default. The URL...
Missing HTTP Strict Transport Security Policy
The HTTP protocol by itself is clear text, meaning that any data that is transmitted via HTTP can be captured and the contents viewed. To keep data private and prevent it from being intercepted, HTTP is often tunnelled through either Secure Sockets Layer (SSL) or Transport Layer Security (TLS). When...
Unencrypted Password Form
The HTTP protocol by itself is clear text, meaning that any data that is transmitted via HTTP can be captured and the contents viewed. To keep data private and prevent it from being intercepted, HTTP is often tunnelled through either Secure Sockets Layer (SSL) or Transport Layer Security (TLS). Whe...
Cookie Without Secure Flag Detected
When the secure flag is set on a cookie, the browser will prevent it from being sent over a clear text channel (HTTP) and only allow it to be sent when an encrypted channel is used (HTTPS). The scanner discovered that a cookie was set by the server without the secure flag being set. Although the...
LLMNR NBT-NS MDNS Poisoner: Responder
Responder is an LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. This tool is an LLMNR, NBT-NS and MDNS responder; it will...
CVE-2017-7323
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection mechanism...
CVE-2017-7323
MODX Revolution 2.5.4-pl and earlier are vulnerable due to the update and package-installation features defaulting to http://rest.modx.com, enabling a man-in-the-middle attack to spoof servers and trigger arbitrary code execution due to the lack of HTTPS protection. The issue affects the update/p...
SUSE-SU-2017:0367-1 Security update for ceph
This update for ceph fixes the following issues: CVE-2016-5009: moncommand with empty prefix could crash monitor (bsc#987144); Invalid command in SOC7 with ceph (bsc#1008894); Performance fix was missing in SES4 (bsc#1005179); ceph build problems on ppc64le (bsc#982141); ceph make build unit test failure...
APPLE OS X AND IOS X509 CERTIFICATE PARSING NAME CONSTRAINTS REMOTE CODE EXECUTION VULNERABILITY
When a client establishes a secure connection to a server, the server presents an x509 certificate which the client must validate. On Apple macOS, most client applications will use macOS’s certificate validation agent, at which point the malicious certificate will be parsed by the vulnerable code...
Open Source Large Scale Full Packet Capturing: Moloch
Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive...
candyford.net XSS vulnerability
Vulnerable URL: http://candyford.net/all-inventory/index.htm?listingConfigId=AUTO-new,AUTO-used"'--!====0==true=true=SEARCH=false=false=false=true=BLANK=true=model:make,city:province,city:state=compliantKNOXSS Details: Patched: No; Latest check for patch: 30.07.2017...
APT29 Domain Fronting With TOR
Mandiant has observed Russian nation-state attackers APT29 employing domain fronting techniques for stealthy backdoor access to victim environments for at least two years. There has been considerable discussion about domain fronting following the release of a paper detailing these techniques...
pefoc.ro XSS vulnerability
Vulnerable URL: https://www.pefoc.ro/produse/search?name=%22%3E%3C%2Fscript%3E%3Cimg+src%3Dx+onerror%3Dprompt%2FXSSPOSED%2F%3E Details: Patched: No; Latest check for patch: 28.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 704285...
Reaching toward universal TLS SNI
The past few years have seen a dramatic increase in client support for TLS SNI, a technology standard that makes HTTPS much more scalable. While early 2014 saw fewer than 85% of HTTPS requests being sent by clients supporting TLS SNI, many Akamai customers today now see client TLS SNI usage...