Mozilla Thunderbird < 17.0.3 Multiple Vulnerabilities
Mozilla Thunderbird 17.x < 17.0.3 Multiple Vulnerabilities
Cross site scripting
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web...
CVE-2013-0776
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web...
Phishing on HTTPS connection through malicious proxy — Mozilla
Google security researcher Michal Zalewski reported an issue where the browser displayed the content of a proxy's 407 response if a user canceled the proxy's authentication prompt. In this circumstance, the addressbar will continue to show the requested site's address, including HTTPS addresses...
USN-1721-1: curl vulnerability
It was discovered that curl incorrectly handled SASL authentication when communicating over POP3, SMTP or IMAP. If a user or automated system were tricked into processing a specially crafted URL, an attacker could cause a denial of service, or possibly execute arbitrary code. The default compiler...
Mega Bug Bounty Makes First Payouts
Week one of the Mega cloud storage service bug bounty is in the books and at least three payouts have been made. Controversial entrepreneur and MegaUpload founder Kim Dotcom made the challenge last week offering a €10,000 reward to anyone who could break the encryption protecting the service. Six...
Multipurpose Sniffer: Ettercap
Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems...
CVE-2013-1450
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host v...
Design/Logic Flaw
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host v...
Design/Logic Flaw
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted...
CVE-2013-1451
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted...
Microsoft Internet Explorer 8/9 - Steal Any Cookie
Exploit Title: Internet Explorer 8 & Internet Explorer 9 steal any Cookie Date: 27.01.2013 Exploit Author: Christian Haider; Email: christian.haider.poc @ gmail dot com; linkedin: http://www.linkedin.com/in/chrishaider Category: remote Vendor Homepage: http://www.microsoft.com Version: IE 8, IE 9...
RHEL 5 : nss (RHSA-2012:0532)
Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Network Security Services (NSS) is a set of libraries designed to support the...
Ubuntu Update for tomcat7 USN-1685-1
Check for the Version of tomcat7. OpenVAS Vulnerability Test $Id: gbubuntuUSN16851.nasl 8526 2018-01-25 06:57:37Z teissa $ Ubuntu Update for tomcat7 USN-1685-1. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...
USN-1685-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially-crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu...
phlyLabs phlyMail Lite 4.03.04 - 'go' Open Redirect
phlyLabs phlyMail Lite 4.03.04 'go' param Open Redirect Vulnerability. Vendor: phlyLabs. Product web page: http://www.phlymail.com Affected version: Lite 4.03.04. Summary: phlyMail offers you an interface in the browser to have access to your emails, contacts, appointments, tasks, files and bookmarks...
Researcher: Nokia HTTPs Traffic Proxied, Data Stored in Clear Text
Nokia mobile devices redirect Web requests to Nokia-owned proxy servers where header information including credentials are stored in clear text, putting anything from banking sessions to social media accounts at risk, a researcher claims. India-based researcher Gaurang Pandya, an infrastructure...
Yahoo Makes SSL Option Available For Mail Users
Following a trail cut several years ago by Google and Microsoft, Yahoo has now given users of its webmail service the option of using an SSL connection for their sessions. The HTTPS option is not enabled by default, but users can turn it on with a couple of clicks. Yahoo has been slow to make the...