7681 matches found
Moderate: Red Hat Security Advisory: rubygems security update
An updated rubygems package that fixes three security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...
CVE-2013-0500
IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of...
CVE-2013-0500
IBM Storwize V7000 Unified (1.3.0.0–1.4.1.1) is affected by CVE-2013-0500 due to a flaw in handling special files (character/block devices) created by NFS and later accessed via non‑NFS NAS protocols (CIFS, HTTPS, SCP, SFTP). An authenticated NAS user could read, modify, or manipulate configurati...
Command injection
The Clientless SSL VPN feature in Cisco Adaptive Security Appliance ASA Software 8.x before 8.25.44, 8.3.x before 8.32.39, 8.4.x before 8.45.7, 8.6.x before 8.61.12, 9.0.x before 9.02.6, and 9.1.x before 9.11.7 allows remote attackers to cause a denial of service device reload via crafted HTTPS...
Two Instagram Android App Security Vulnerabilities
Affected app: Instagram for Android Affected versions: 4.0.2 and 4.1.2, probably also earlier versions as well as iOS affected. Summary After the Instagram iOS vulnerability discovered last year 1, the app's HTTP API has been extended with a cryptographic authentication for changes like "likes" a...
CVE-2013-6044
The issafeurl function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting XSS or other vulnerabilities into Django applications that use this function, a...
CVE-2012-2125
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...
CVE-2012-2125
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...
Design/Logic Flaw
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...
CVE-2012-2125
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...
CVE-2012-2125
CVE-2012-2125 affects RubyGems prior to 1.8.23, where HTTPS connections could be redirected to HTTP, enabling a remote attacker to observe or modify a gem during installation via a man‑in‑the‑middle. The accompanying open‑source advisories and OS patch references document this issue across multip...
CVE-2012-2125
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...
Discuz!配置不当可导致CSRF发帖
简要描述: Discuz!配置不当可导致CSRF发帖 详细说明: 这个漏洞中评论说的 WooYun: Discuz!全版本鸡肋CSRF漏洞一枚 ,由于crossdomain.xml配置不当,可能会导致一些问题。评论时只是有个基本的印象,没有实测,既然xsser说有对这个的防御,那来看看是怎么防的. crossdomain.xml的默认设置: 对dz的代码结构不熟,按黑盒来测。 首先是读取那个formhash,看来有了crossdomain.xml的帮助,很容易的读到了当前用户的formhash。 function gethash function getformhashtxt txt =...
Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20090727-wlc)
The remote Cisco Wireless LAN Controller WLC is affected by one or more of the following vulnerabilities: - Malformed HTTP or HTTPS authentication response Denial of Service CVE-2009-1164 - SSH connections Denial of Service CVE-2009-1165 - Crafted HTTP or HTTPS request Denial of Service...
Cisco Unified Communications Manager (CUCM) Web Detection
The web interface for Cisco Unified Communications Manager CUCM was detected. Note: This plugin does not report anything. It only collects version information to be used downstream. C Tenable, Inc. include'compat.inc'; if description scriptid70088; scriptversion"1.8";...
Cisco IronPort PostX < 6.2.9.1 Multiple Vulnerabilities
The version of Cisco IronPort PostX on the remote device is a version prior to 6.2.9.1. As such, it is affected by multiple vulnerabilities : - An unspecified vulnerability in the administrative interface in the embedded HTTPS server allows remote attackers to read arbitrary files via unknown...
Facebook Android Bug Sent Users' Photos in the Clear
A researcher has discovered a privacy bug in the Facebook Android app that enables an attacker to view and download any images that a user sends to Facebook. The problem derives from the fact that the app, along with the official Facebook Messenger app for Android, don’t send those images over...
Debian Security Advisory DSA 2457-2 (iceweasel - several vulnerabilities)
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2012-0467Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall,...
BEAST Cryptographic Attack Mitigations Overturned
The BEAST cryptographic attack, once thought to be largely mitigated, has two things conspiring against it to make breaches potentially possible again. Not only has a server-side mitigation essentially been rendered moot by recent research into the RC4 cryptographic protocol, but Apple has yet to...
Frequently Unanswered Questions on the NSA Leaks
The flood of documents regarding the NSA’s collection methods and capabilities that have been leaked this summer has produced thousands of news stories and several metric tons of speculation about what it all means. But for all of the postulating, analysis and reporting, there are still a lot of...