7682 matches found
Hide passwords in ps aux for https git tasks
When git checkout tasks configured to use HTTPS run, the user and password are exposed in ps aux: bamboo 15138 0.0 0.0 86752 2224 ? S May20 0:00 git-remote-https https://gituser:[email protected]/scm/consumer/XXXX.git...
XSS in FilterSubscription
To reproduce: Visit /secure/FilterSubscription!default.jspa?returnUrl=javascript:alert1 and click "Cancel". An alert should appear. This URL should be restricted to the current domain, and to http/https protocols...
CVE-2013-4595
The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page...
Code injection
The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page...
CVE-2013-4595
The CVE-2013-4595 entry concerns the Drupal Secure Pages module (6.x-2.x) prior to 6.x-2.0. A URL matching flaw caused HTTP to be used instead of HTTPS, potentially exposing sensitive data via crafted pages. Remediation is to upgrade to Secure Pages 6.x-2.0. Drupal core is not affected.
Updated perl-LWP-Protocol-https package fixes CVE-2014-3230
Updated perl-LWP-Protocol-https package fixes security vulnerability: It was reported that libwww-perl LWP, when using IO::Socket::SSL (the default) and when the HTTPS_CA_DIR or HTTPS_CA_FILE environment variables were set, would disable server certificate verification, when the intent was to only...
CVE-2013-4725
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...
Session fixation
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...
CVE-2013-4725
CVE-2013-4725 affects DDSN Interactive cm3 Acora CMS versions 6.0.6/1a, 6.0.2/1a, 5.5.7/12b and 5.5.0/1b-p1 (and possibly others). Description: the CMS does not set the Secure flag on an unspecified cookie in HTTPS sessions, allowing an attacker to capture the cookie by intercepting its transmission...
squid security update
CentOS Errata and Security Advisory CESA-2014:0597 Updated squid packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base scor...
RHEL 6 : squid (RHSA-2014:0597)
Updated squid packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Scientific Linux Security Update : squid on SL6.x i386/x86_64 (20140603)
A denial of service flaw was found in the way Squid processed certain HTTPS requests when the SSL Bump feature was enabled. A remote attacker could send specially crafted requests that could cause Squid to crash. CVE-2014-0128 After installing this update, the squid service will be restarted...
Automattic: Serving Transitions From: HTTP Protocol (not secure)
Dear Sir, I've noticed from your source code that you are using the HTTP protocol, and that makes the data transition insecurely served. We will give the attacker a chance for a "MITM" man-in-the-middle attack; as you know, the name of the attack itself explains the steps. - Check the source code of...
squid security update
7:3.1.10-20.3 - Resolves: 1098134 - CVE-2014-0128 squid: denial of service when using SSL-Bump
7:3.1.10-20.2 - revert: Resolves: 1039088 - issues with timeout on HTTPS connections
7:3.1.10-20.1 - Resolves: 1093072 - issues with timeout on HTTPS connections...
Mavenlink: Clickjacking & CSRF attacks can be done at https://app.mavenlink.com/login
Hello, my name is Vineet Bhardwaj. I am a security researcher and I pen tested your website https://app.mavenlink.com/login, and I found that a clickjacking attack and a CSRF attack can be done. POC: CSRF testing frame opacity: 0.5; border: none; position: absolute; top: 0px; left: 0px; z-index: 1000...
PT-2014-3447 · Red Hat +1 · Yum +2
Name of the Vulnerable Software and Affected Versions: OpenStack Heat Templates heat-templates as used in Red Hat Enterprise Linux OpenStack Platform version 4.0 Description: The issue allows man-in-the-middle attackers to prevent updates via unspecified vectors, as OpenStack Heat Templates uses ...
WordPress cookie handling process can lead to account hijacking - vulnerability warning - the black bar safety net
Note up front: this is really a problem of the cookie being transmitted without HTTPS, which seems like an unrelated picture, but the recent burst of eBay account disclosure intrusion events also has this vulnerability in its shadow. PS: looks like this hacker was a girl...
WordPress Cookie Flaw Lets Hackers Hijack Your Account
Do you own a blog on the WordPress.com website? If yes, then you should be extra cautious the next time you sign into your WordPress account while connected to public Wi-Fi, because it can be hacked without your knowledge, even if you have enabled two-factor authentication. Yan Zhu, a...