Google Chrome Multiple Vulnerabilities-01 (Jul 2013) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Zoho Information Disclosure / Mixed Content

ZOHO INTERNAL INFORMATION DISCLOSURE Content type is not specified /INSECURE TRANSITION FROM HTTP TO HTTPS IN FORM ================================================================================================================================================== Report-Timeline: ================...

ASUS RT-N66U Router - HTTPS Directory traversal and full file access and credential disclosure vuln

Vulnerable product: ASUS RT-N66U when HTTPS WebService via AiCloud is enabled AC66R and RT-N65U are effected as well, but need more testing Vulnerabilities: - Linux 2.6.22 - Researched on both 3.0.0.4.270 and 3.0.0.4.354 firmware - Full directory traversal and plain text disclosure of all sensiti...

Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager with Support for Custom Proxy

Inject the Meterpreter server DLL via the Reflective Dll Injection payload staged. Requires Windows XP SP2 or newer. Tunnel communication over HTTP using SSL with custom proxy support This module requires Metasploit: https://metasploit.com/download Current source:...

Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-1268)

From Red Hat Security Advisory 2011:1268 : Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Mozilla Firefox is an open source web browser...

Oracle Linux 4 : seamonkey (ELSA-2011-1266)

From Red Hat Security Advisory 2011:1266 : Updated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. SeaMonkey is an open source web browser, email and...

Oracle Linux 4 / 6 : thunderbird (ELSA-2011-0374)

From Red Hat Security Advisory 2011:0374 : An updated thunderbird package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Mozilla Thunderbird is a...

Oracle Linux 4 : seamonkey (ELSA-2011-0375)

From Red Hat Security Advisory 2011:0375 : Updated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. SeaMonkey is an open source web browser, email and...

Oracle Linux 4 / 6 : thunderbird (ELSA-2011-1243)

From Red Hat Security Advisory 2011:1243 : An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Mozilla Thunderbird is a standalone mail...

Oracle Linux 5 : Moderate: / elinks (ELSA-2007-0933)

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2007-0933 advisory. 0.9.2-3.3.5.2 - fix elinks-0.9.2-httpspostdata.patch 303881 0.9.2-3.3.5.1 - fix 297611 - CVE-2007-5034 elinks reveals POST data to HTTPS proxy 0.9.2-3.3 - fix...

Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-1242)

From Red Hat Security Advisory 2011:1242 : Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Mozilla Firefox is an open source web browser...

Oracle Linux 4 : seamonkey (ELSA-2011-1244)

From Red Hat Security Advisory 2011:1244 : Updated SeaMonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. SeaMonkey is an open source web browser, email and...

Oracle Linux 4 / 5 / 6 : nspr / nss (ELSA-2011-1282)

From Red Hat Security Advisory 2011:1282 : Updated nss and nspr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Network Security Services NSS is a set of...

Oracle Linux 4 / 6 : thunderbird (ELSA-2011-1267)

From Red Hat Security Advisory 2011:1267 : An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Mozilla Thunderbird is a standalone mail...

Oracle Linux 4 / 5 / 6 : nss (ELSA-2011-1444)

From Red Hat Security Advisory 2011:1444 : Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Network Security Services NSS is a set of libraries...

CVE-2013-2853

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n carriage return, newline, carriage return, newline, which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation...

Design/Logic Flaw

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n carriage return, newline, carriage return, newline, which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation...

CVE-2013-2853

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n carriage return, newline, carriage return, newline, which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation...

CVE-2013-2853

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n carriage return, newline, carriage return, newline, which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation...

CVE-2013-2853

CVE-2013-2853 is a vulnerability in the Chromium/Chrome HTTPS implementation where headers are not guaranteed to terminate with "\r\n\r\n", enabling a man‑in‑the‑middle attack with the potential for partial confidentiality/integrity impact. Public advisories (Debian DSA-2724/DSA-2724-1, Gentoo GL...