7686 matches found
Squid SSL-Bump HTTPS Requests Processing DoS Vulnerability (SQUID-2014:1)
Squid is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:squid-cache:squid";...
Amazon Linux: Security Advisory (ALAS-2014-421)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Amazon Linux: Security Advisory (ALAS-2015-552)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
justdial.com XSS vulnerability
Vulnerable URL: http://www.justdial.com/Mumbai/quota-%3Cnear%3E-Khetwadi&%22%3E%3Cimg%20src=x%20onerror=prompt%28'XSSPOSED'%29;%3E Details: Patched: Yes, at 19.11.2015; Latest check for patch: 19.11.2015 02:57 GMT; Vulnerability type: XSS; Vulnerability status: Publicl...
WordPress SecureMoz Security Audit Plugin <= 1.0.5 - PHP Object Injection
The tweetinfo function in class/functions.php does not use an HTTPS session for downloading serialized data. In that way an attacker can execute arbitrary PHP code by modifying the client-server data stream. Solution Update the plugin...
CVE-2015-6276
Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID...
Improper access control
Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate directory, aka Bug ID...
CVE-2015-6276
Cisco TelePresence IX5000 8.0.3 stores a private key for an X.509 certificate under the web root with insufficient access control, enabling remote attackers to obtain private keys and potentially decrypt traffic or impersonate the device. Cisco has released software updates addressing this certif...
Empire: a PowerShell post-exploitation agent tool - vulnerability warning - the black bar safety net
Empire is a pure PowerShell post-exploitation agent tool, built on cryptography, secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe. Rapidly deployable post-exploitation modules, from keyloggers to...
mitmproxy toolkit usage guide and customization - bug warning - the black bar safety net
mitmproxy is a man-in-the-middle (MiTM) proxy tool that supports HTTPS. Unlike tools with similar functionality such as Fiddler2 and Burp Suite, mitmproxy runs in the terminal. mitmproxy is developed in Python and is a tool for assisting web development and testing, debugging, and penetration testing. The working princip...
Fedora 23 : mediawiki-1.25.2-2.fc23 (2015-13920)
T94116 SECURITY: Compare API watchlist token in constant time T97391 SECURITY: Escape error message strings in thumb.php T106893 SECURITY: Don't leak autoblocked IP addresses on Special:DeletedContributions T102562 Fix InstantCommons parameters to handle the new HTTPS-only policy of Wikimedia...
ownCloud: apps.owncloud.com: Mixed Active Scripting Issue
I came across an HTTPS security issue - compromises HTTPS security by loading images from a non-secure source in https://apps.owncloud.com/. Vulnerability Type: Mixed Active Scripting Issue Description: Mixed Active Content is content that has access to and can affect all or parts of the Document Obje...
bondbuyer.com XSS vulnerability
Vulnerable URL: http://www.bondbuyer.com/search/index.html?zkDo=search=08=29=2014=08=29=2015=allarticles=%22+onfocus%3Dalert%28%2FXSSPOSED%2F%29+autofocus+x%3D=0=0 Details: Patched: Yes, at 25.07.2017; Latest check for patch: 25.07.2017 16:41 GMT; Vulnerability type: X...
mitnicksecurity.com XSS vulnerability
Vulnerable URL: https://www.mitnicksecurity.com/bowercomponents/modernizr/feature-detects/img/ Details: Patched: Yes, at 25.07.2017; Latest check for patch: 25.07.2017 16:36 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 596423; Googl...
mitnicksecurity.com XSS vulnerability
Vulnerable URL: https://www.mitnicksecurity.com/bowercomponents/modernizr/feature-detects/es5/ Details: Patched: Yes, at 25.07.2017; Latest check for patch: 25.07.2017 16:35 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 596423; Googl...
CVE-2015-4498
The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early poin...
ownCloud: Config
Hi, with this bug, a local attacker can infect users with malware. It works this way: after the sign up page or most pages, a download prompt appears. For example, at your HackerOne page hackerone.com/owncloud. However, the downloads URL, in my case, it was...
ownCloud: *.owncloud.com / *.owncloud.org: Using not strong enough SSL ciphers
We have received multiple reports that some of our domains on *.owncloud.com and *.owncloud.org are not using a recommended configuration for HTTPS purposes. To avoid having multiple issues to track SSL / TLS related problems on *.owncloud.com and *.owncloud.org we have merged multiple issues togethe...
ownCloud: s2.owncloud.com: SSL Session cookie without secure flag set
URL: https://s2.owncloud.com/ Issue detail The following cookie was issued by the application and does not have the secure flag set: sessionid=0fdc40cc016d1e70b1567b0071e5dcd2; expires=Sat Aug 22 03:45:12 2015; path=/; domain=s2.owncloud.com; max-age=86387; httponly The cookie appears to contain ...