7681 matches found
CVE-2014-3263
The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038...
Design/Logic Flaw
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS...
CVE-2014-1649
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS...
CVE-2014-1649
Symantec Workspace Streaming (SWS) server before 7.5.0.749 has an information disclosure/arbitrary file upload vulnerability in its XML-RPC handling (notably the ManagementAgentServer.putFile path), due to lack of proper access-control validation on XMLRPC requests. This allows remote, unauthenti...
CVE-2014-3263
Cisco IOS Software ScanSafe module (15.3(3)M) is affected by CVE-2014-3263, where unauthenticated, remote attackers can trigger a denial of service (device reload) by sending HTTPS packets that must be redirected to a ScanSafe tower, via Bug ID CSCum97038. The concrete impact is a reload of the t...
Cisco IOS Software ScanSafe Vulnerability
A vulnerability in the content scanning module of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability occurs when processing HTTPS packets that need to be redirected to a ScanSafe tower. An attacker could exploit this...
Design/Logic Flaw
Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main...
joola.io: HTTP Strict Transport Security (HSTS) Policy Not Enabled
Dear Team, Step-by-step instructions on how to reproduce the problem: It was found the application is vulnerable to HTTP Strict Transport Security (HSTS) Policy Not Enabled. HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use ...
Fake Digital Certificates Found in the Wild While Observing Facebook SSL Connections
Visiting a website certified with an SSL certificate doesn’t mean that the website is not bogus. Secure Sockets Layer (SSL) protects web users in two ways: it uses public key encryption to encrypt sensitive information between a user’s computer and a website, such as usernames, passwords, or...
Service Worker - first draft published
The first draft of the service worker spec was published today! It's been a collaborative effort between Google, Samsung, Mozilla and others, and implementations for Chrome and Firefox are being actively developed. Anyone interested in the web competing with native apps should be excited by this...
CVE-2014-3230
The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable...
Fedora Update for community-mysql FEDORA-2014-5396
Check for the Version of community-mysql. OpenVAS Vulnerability Test: Fedora Update for community-mysql FEDORA-2014-5396. Authors: System Generated Check. Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify...
Improving the URL bar
iOS has hidden the pathname of URLs for some time now, but recently Chrome Canary introduced something similar behind a flag. I'm not involved in the development of Chrome experiment at all, but I've got more than 140 characters worth of opinion on it… We have a real security problem I recently...
Open redirect in JIRA in HTTPS mode only
If JIRA is configured for HTTPS connections in both "redirect HTTP to HTTPS" and "HTTPS only" modes, then the following redirects are possible. This does not occur in HTTP configs. The osdestination parameter on the login.jsp page and other pages once logged in - see technical details below allow...
Mail.ru: Login without SSL-Protection
Hello, e.mail.ru is not properly protected with SSL encryption. It is possible to log in without using HTTPS; this could lead to man-in-the-middle password disclosure. Best, Simon...
CVE-2014-2601
The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool...