Code injection
The server in HP Integrated Lights-Out 2 aka iLO 2 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool...
CVE-2014-2601
The server in HP Integrated Lights-Out 2 aka iLO 2 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool...
CVE-2014-2601
HP iLO 2 (Integrated Lights-Out 2) remote DoS vulnerability (CVE-2014-2601) affects version 2.23 and earlier. A remote attacker can cause service denial via crafted HTTPS traffic (as shown by a vulnerability scanner tool). Notably, CVSS base score is 7.8 (HIGH) with network access, no authenticat...
Updated squid package fixes CVE-2014-0128
Updated squid packages fix security vulnerability: Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled CVE-2014-0128...
CVE-2014-2601
The server in HP Integrated Lights-Out 2 aka iLO 2 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value...
Open redirect on Bamboo login page, only when configured for HTTPS connections
If Bamboo is configured for HTTPS connections, then the following happens. It does not occur when Bamboo is configured as HTTP:// Description Bamboo has an open redirect on the login page which allows redirection to external sites. The osdestination parameter on the userlogin page and other pages...
Fedora Update for java-1.7.0-openjdk FEDORA-2014-5280
Check for the Version of java-1.7.0-openjdk OpenVAS Vulnerability Test Fedora Update for java-1.7.0-openjdk FEDORA-2014-5280 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Respondly: HTTP Strict transport security policy not enabled
HTTP Strict Transport Security HSTS is an opt-in security enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header that browser will prevent any communications from being sent over HTTP to the specified domain a...
Localize: User credentials are sent in clear text
Vulnerability description User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel HTTPS to avoid being intercepted by malicious users. This vulnerability affects /pages/signup. Discovered by: MANUALLY Attack details Form...
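znc "CWebAdminMod::ChanPage()" null pointer dereference vulnerability
ZNC is an IRC proxy. A null pointer dereference error exists in the ZNC "CWebAdminMod::ChanPage" function in modules/webadmin.cpp, allowing an attacker to crash the application. 0 ZNC 1.x The vendor has released an upgrade patch to fix the vulnerability; download it from: https://github.com/znc/znc/issues/528...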
Localize: Change user settings through CSRF
Hello, it's trivial to change the user settings. Just use this HTML code: In addition with some Javascript code that submits the form automatically, making the user visit the snippet of code above will change their user settings. If their e-mail address is altered too, and the adversary gets a...
Fedora Update for mingw-openjpeg FEDORA-2014-4749
Check for the Version of mingw-openjpeg OpenVAS Vulnerability Test Fedora Update for mingw-openjpeg FEDORA-2014-4749 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
SuSE 11.3 Security Update : python-setuptools (SAT Patch Number 9116)
python-setuptools so far used only HTTP to retrieve packages, which could have led to man in the middle attacks on newly installed python code. This update adjusts it to use HTTPS, guaranteeing better connection integrity. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text...
HeartBleed Bug Explained - 10 Most Frequently Asked Questions
Heartbleed – I think now it’s not a new name for you, as every informational website, Media and Security researchers are talking about probably the biggest Internet vulnerability in recent history. It is a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allow...
USN-2167-1: curl vulnerabilities
Steve Holme discovered that libcurl incorrectly reused wrong connections when using protocols other than HTTP and FTP. This could lead to the use of unintended credentials, possibly exposing sensitive information. CVE-2014-0138 Richard Moore discovered that libcurl incorrectly validated wildcard...
C2FO: The server supports only older protocols for HTTPS connections
The webserver at c2fo.com, 198.58.120.159 only supports SSL 3.0 and TLS 1.0 for secure HTTP connections see: test-results.png. While TLS 1.0 is more secure than SSL 3.0, subsequent versions of TLS, TLS 1.1 and TLS 1.2, are significantly more secure and fix many vulnerabilities present in SSL 3.0...
Fedora Update for kernel FEDORA-2014-4844
Check for the Version of kernel OpenVAS Vulnerability Test Fedora Update for kernel FEDORA-2014-4844 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Microsoft Internet Explorer memory corruption vulnerability (CVE-2014-0235)
Bugtraq ID:66646 CVE ID:CVE-2014-0235 Internet Explorer is a web browser released by Microsoft. An unspecified error can lead to memory corruption. 0 Microsoft Internet Explorer 6.x Microsoft Internet Explorer 7.x Microsoft Internet Explorer 8.x Microsoft Internet Explorer 9.x Microsoft Internet Explorer 11.x The vendor has released an upgrade patch to fix the vulnerability; download it from:...
IE 12 to Support HSTS Encryption Protocol
Microsoft confirmed today it will support HTTPS Strict Transport Protocol HSTS in Internet Explorer 12, bringing its browser in line with other major vendors in its support of the protocol. Browsers supporting HSTS force any sessions sent over HTTP to be sent instead over HTTPS, encrypting...