7681 matches found
CVE-2014-1930
Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging...
Design/Logic Flaw
Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging...
CVE-2014-1930
Visibility Software Cyber Recruiter prior to version 8.1.00 is vulnerable due to an improper HTTPS transport/response header configuration that permits browser-history access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx, enabling an attacker to obtain sensitive information from an unatten...
Low: Red Hat Security Advisory: wget security and bug fix update
An updated wget package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...
HackerOne: LinkedIN URL should be HTTPS
Not really a security bug, but I think it will be a good idea to add HTTPS on the LinkedIN Share Button. Example page, in the right side of the page: https://hackerone.com/reports/547 LinkedIN redirects to HTTPS after click, but the cookie is sent on the network before that. Thanks!...
Fedora Update for libXfont FEDORA-2014-0443
Check for the Version of libXfont OpenVAS Vulnerability Test Fedora Update for libXfont FEDORA-2014-0443 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for nss-softokn FEDORA-2013-22756
Check for the Version of nss-softokn OpenVAS Vulnerability Test Fedora Update for nss-softokn FEDORA-2013-22756 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
Fedora Update for xen FEDORA-2014-1559
Check for the Version of xen OpenVAS Vulnerability Test Fedora Update for xen FEDORA-2014-1559 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...
MyBB 1.6.12 POST Cross Site Scripting
alert/XSS/ " / document.exploit.submit;...
Debian DSA-2849-1 : curl - information disclosure
Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user. %NASLMINLEVEL 70300 C Tenable...
[SECURITY] [DSA 2849-1] curl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2849-1 [email protected] http://www.debian.org/security/ Florian Weimer January 31, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2849-1 (curl - information disclosure)
Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user. OpenVAS Vulnerability Test $Id:...
Google Pwnium 4 to Offer $2.7M in Prizes at CanSecWest
Building on the success of the last couple of years, Google plans to offer more than $2.7 million in potential rewards in the next iteration of its Pwnium hacking competition at this year’s CanSecWest conference in Vancouver. The company has run the contest in parallel with the older Pwn2Own...
Google Chrome Eavesdropping Exploit Published
The developer of the annyang speech recognition JavaScript library has published exploit code for a bug in Google’s Chrome browser that could allow a malicious website to eavesdrop using a computer’s microphone long after a visitor has left a website. The code disclosure is in response, said...
Fedora Update for drupal7-entity FEDORA-2014-0508
Check for the Version of drupal7-entity OpenVAS Vulnerability Test Fedora Update for drupal7-entity FEDORA-2014-0508 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
sstp-discover NSE Script
Check if the Secure Socket Tunneling Protocol is supported. This is accomplished by trying to establish the HTTPS layer which is used to carry SSTP traffic as described in: - Current SSTP server implementations: - Microsoft Windows Server 2008/Server 2012 - MikroTik RouterOS - SEIL Example...
Twitter Forces HTTPS Connections to its API
UPDATE: As of yesterday, Twitter’s application programming interface (API) will only recognize traffic traveling via Transport Layer Security (TLS) or Secure Sockets Layer (SSL). Any applications connecting to the API in plaintext will no longer work. There is a vast selection of third-party Twitter...
Yahoo Encryption Slammed for Lack of Forward Secrecy, HSTS
Yahoo, as promised, rolled out HTTPS by default this week for its email service, bringing it in line with other Internet companies that have been securing users’ communication for years. But if Yahoo expected applause from security experts, it can think again. The response from those well-versed ...