
7686 matches found

Tenable Nessus
added 2015/05/20 12:0 a.m. · 11 views

SUSE SLED11 / SLES11 Security Update : libqt4 (SUSE-SU-2014:1121-1)

This update of the QT4 QSSL interface makes it select a set of default ciphers that is recommended for current usage. This update is needed for Konqueror to restrict its cipher set when using https. Note that Tenable Network Security has extracted the preceding description block directly from the...

5.4 AI score
Exploits 0 · References 3
Openbugbounty
added 2015/05/19 3:44 p.m. · 9 views

castlefinearts.com XSS vulnerability

Vulnerable URL: https://castlefinearts.com/searchresults.php?pageno=2=19==%22%3E%3Cimg%20src=x%20onerror=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 21.11.2017 Latest check for patch:| 21.11.2017 22:27 GMT Vulnerability type:| XSS Vulnerability status:| Publicl...

6.3 AI score
Exploits 0
NVD
added 2015/05/14 2:59 p.m. · 14 views

CVE-2015-1848

The pcs daemon pcsd in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerabili...

6.8 CVSS · 6.2 AI score · 0.02424 EPSS
Exploits 1 · References 7
Cvelist
added 2015/05/14 2:0 p.m. · 21 views

CVE-2015-1848

The pcs daemon pcsd in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerabili...

6.1 AI score · 0.02424 EPSS
Exploits 1 · References 7
CVE
added 2015/05/14 2:0 p.m. · 69 views

CVE-2015-1848

The CVE-2015-1848 entry concerns the PCS daemon (pcsd) in PCS 0.9.137 and earlier failing to set the Secure flag on cookies in HTTPS sessions (CVE-2015-1848); CVE-2015-3983 covers the related issue of not setting the HttpOnly flag. Multiple open-source advisories (Fedora/CentOS and related feeds)...

6.8 CVSS · 6.2 AI score · 0.02424 EPSS
Exploits 1 · References 7 · Affected Software 1
Debian CVE
added 2015/05/14 2:0 p.m. · 34 views

CVE-2015-1848

The pcs daemon pcsd in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerabili...

6.8 CVSS · 6.3 AI score · 0.02424 EPSS
Exploits 1
Positive Technologies
added 2015/05/12 12:0 a.m. · 2 views

PT-2015-5470 · Pcs +2

Name of the Vulnerable Software and Affected Versions: PCS versions 0.9.137 and earlier Description: The issue concerns the pcs daemon pcsd in PCS, where it fails to set the secure flag for a cookie in an https session. This oversight makes it easier for remote attackers to capture the cookie by...

6.8 CVSS · 6 AI score · 0.02424 EPSS
Exploits 1 · References 24
Metasploit
added 2015/05/11 7:27 a.m. · 10 views

Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTPS Stager (winhttp)

Inject a VNC Dll via a reflective loader Windows x64 staged. Tunnel communication over HTTPS Windows x64 winhttp This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 781 include...

0.5 AI score
Exploits 0
Metasploit
added 2015/05/11 7:27 a.m. · 28 views

Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTPS Stager (winhttp)

Inject the meterpreter server DLL via the Reflective Dll Injection payload staged. Requires Windows XP SP2 or newer. Tunnel communication over HTTPS Windows x64 winhttp This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

0.6 AI score
Exploits 0
securityvulns
added 2015/05/05 12:0 a.m. · 140 views

[USN-2591-1] curl vulnerabilities

========================================================================== Ubuntu Security Notice USN-2591-1 April 30, 2015 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

9 CVSS · 1.2 AI score · 0.3763 EPSS
Exploits 0
Openbugbounty
added 2015/05/02 3:50 p.m. · 16 views

hispanic-jobs.com XSS vulnerability

Vulnerable URL: http://www.hispanic-jobs.com/search.php?search=%3E%3C/title%3E%27%22%3E%3Cmarquee%3E%3Ch1%3Etest%3C/%20h1%3E%3C/marquee%3ESCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28/XSSPOSED/%29%3C/SCRIPT%3E Details: Description| Value ---|--- Patched:| Yes, at 22.08.2017 Latest check for patch:|...

6.3 AI score
Exploits 0
ThreatPost
added 2015/05/01 12:20 p.m. · 10 views

Mozilla Moving Toward Full HTTPS Enforcement in Firefox

The Mozilla Foundation is initiating the process to phase out insecure HTTP connections in the Firefox browser. The decision is part of a broader movement to encrypt the Web, which in the case of Mozilla Firefox, means permitting only encrypted HTTPS browser connections. Mozilla is the developer ...

Exploits 0 · References 5
Ubuntu
added 2015/04/30 1:27 p.m. · 74 views

USN-2591-1: curl vulnerabilities

Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. CVE-2015-3143 Hanno Böck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially...

9 CVSS · 8 AI score · 0.3763 EPSS
Exploits 0
Debian
added 2015/04/29 5:29 p.m. · 29 views

[SECURITY] [DSA 3240-1] curl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3240-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini April 29, 2015 http://www.debian.org/security/faq -...

5 CVSS · 7.9 AI score · 0.07538 EPSS
Exploits 0
ThreatPost
added 2015/04/29 12:14 p.m. · 12 views

Google Releases Password Alert Extension for Chrome

Google is rolling out a new extension for Chrome that will monitor users’ logins and warn them if they enter a Google password on a non-Google page, a move designed to help protect users against phishing attacks. The new extension, called Password Alert, works for both consumer accounts and Googl...

7.2 AI score
Exploits 0 · References 2
OpenVAS
added 2015/04/29 12:0 a.m. · 24 views

Debian Security Advisory DSA 3240-1 (curl - security update)

It was discovered that cURL, an URL transfer library, if configured to use a proxy server with the HTTPS protocol, by default could send to the proxy the same HTTP headers it sends to the destination server, possibly leaking sensitive information. OpenVAS Vulnerability Test $Id: deb3240.nasl 6609...

5 CVSS · 6.7 AI score · 0.07538 EPSS
Exploits 0 · References 1
Zero Day Initiative
added 2015/04/29 12:0 a.m. · 29 views

(Mobile Pwn2Own) Amazon App Store HTTPS Downgrade Vulnerability

This vulnerability allows remote attackers to transmit unencrypted traffic on the Amazon App Store. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. All the HTML content within the Amazon App Store is transmitted...

7.5 CVSS · 6.6 AI score
Exploits 0
OSV
added 2015/04/29 12:0 a.m. · 27 views

DSA-3240-1 curl - security update

Bulletin has no description...

5 CVSS · 9.4 AI score · 0.07538 EPSS
Exploits 0
BDU FSTEC
added 2015/04/28 12:0 a.m. · 6 views

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the apt-transport-https package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

10 CVSS · 5.4 AI score · 0.04396 EPSS
Exploits 0 · References 5 · Affected Software 1
Fedora
added 2015/04/26 12:43 p.m. · 37 views

[SECURITY] Fedora 22 Update: curl-7.40.0-3.fc22

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

9 CVSS · 0.3763 EPSS
Exploits 0