7668 matches found

CVE
added 2009/06/15 7:0 p.m., 63 views

CVE-2009-2065

CVE-2009-2065 (Mozilla Firefox) : Firefox 3.0.10 (and possibly other versions) is vulnerable to a context-mixing flaw where http content can be loaded in an https page when the top-level frame is https. An MITM attacker could modify an http page to include an https iframe that loads a script from...

CVSS 6.8, AI score 7.5, EPSS 0.00851
Exploits 1, References 4, Affected Software 1
Debian CVE
added 2009/06/15 7:0 p.m., 26 views

CVE-2009-2071

Removed by vendor...

CVSS 6.8, AI score 6.8, EPSS 0.01019
Exploits 0
Debian CVE
added 2009/06/15 7:0 p.m., 21 views

CVE-2009-2068

Removed by vendor...

CVSS 5.8, AI score 7, EPSS 0.01242
Exploits 0
Cvelist
added 2009/06/15 7:0 p.m., 41 views

CVE-2009-2072

Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server...

AI score 5.9, EPSS 0.00282
Exploits 0, References 3
Prion
added 2009/06/03 5:0 p.m., 11 views

Design/Logic Flaw

The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network...

CVSS 5, AI score 6.8, EPSS 0.01442
Exploits 0, References 6, Affected Software 1
NVD
added 2009/06/03 5:0 p.m., 22 views

CVE-2009-1898

The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network...

CVSS 5, AI score 6.2, EPSS 0.01442
Exploits 0, References 6
Cvelist
added 2009/06/03 4:33 p.m., 23 views

CVE-2009-1898

The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network...

AI score 6.2, EPSS 0.01442
Exploits 0, References 6
NVD
added 2009/05/27 4:30 p.m., 12 views

CVE-2009-1474

The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not (1) encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not (2) s...

CVSS 7.6, AI score 6.5, EPSS 0.01684
Exploits 0, References 4
NVD
added 2009/05/27 4:30 p.m., 27 views

CVE-2009-1477

The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt https sessions by extracting this key from...

CVSS 10, AI score 6.7, EPSS 0.02146
Exploits 0, References 3
Prion
added 2009/05/27 4:30 p.m., 18 views

Session fixation

The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not (1) encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not (2) s...

CVSS 7.6, AI score 7.1, EPSS 0.01684
Exploits 0, References 4, Affected Software 2
Cvelist
added 2009/05/27 4:0 p.m., 13 views

CVE-2009-1474

The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not (1) encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not (2) s...

AI score 6.5, EPSS 0.01684
Exploits 0, References 4
CVE
added 2009/05/27 4:0 p.m., 76 views

CVE-2009-1474

The CVE-2009-1474 issue affects ATEN KH1516i (firmware 1.0.063) and KN9116 (firmware 1.1.104). It states that mouse events are not encrypted and the session cookie is not marked Secure in HTTPS, enabling potential man-in-the-middle abuse and cookie interception over HTTP. Connected sources confir...

CVSS 7.6, AI score 6.8, EPSS 0.01684
Exploits 0, References 4, Affected Software 2
NVD
added 2009/04/15 8:0 a.m., 28 views

CVE-2009-0089

Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate...

CVSS 5.8, AI score 6.4, EPSS 0.05071
Exploits 1, References 7
Cvelist
added 2009/04/15 3:49 a.m., 32 views

CVE-2009-0089

Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate...

AI score 6.3, EPSS 0.05071
Exploits 1, References 7
CVE
added 2009/04/15 3:49 a.m., 86 views

CVE-2009-0089

CVE-2009-0089 describes a vulnerability in Windows HTTP Services (WinHTTP) where remote servers could impersonate HTTPS sites via DNS spoofing and forward a connection to a host with a valid certificate for a different domain. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, and Vista...

CVSS 5.8, AI score 6.5, EPSS 0.05071
Exploits 1, References 7, Affected Software 5
Check Point Advisories
added 2009/04/14 12:0 a.m., 2 views

Protection against Microsoft Windows HTTP Services Certificate Name Mismatch Remote Code Execution Vulnerability (MS09-013)

A spoofing vulnerability has been reported in Microsoft Windows HTTP Services. Windows HTTP Services (WinHTTP) provides developers with an HTTP client application programming interface (API) to send requests through the HTTP protocol to other HTTP servers. A remote attacker may exploit this issue to...

CVSS 5.8, AI score 6.2, EPSS 0.05071
Exploits 1
Saint
added 2009/04/10 12:0 a.m., 21 views

SQL injection

Added: 04/10/2009. Background: Structured Query Language (SQL) is the most common language understood by modern relational databases. Problem: A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to inject arbitrary SQL commands via a speciall...

AI score 0.2
Exploits 0
CVE
added 2009/03/27 4:0 p.m., 50 views

CVE-2009-0626

The CVE-2009-0626 entry covers Cisco IOS WebVPN/SSLVPN vulnerabilities in 12.3–12.4. A crafted HTTPS packet can cause a device reload/hang (Crash). The adjacent CVE-2009-0628 describes a memory‑leak condition in SSLVPN sessions that can exhaust memory and crash the device. Affected releases inclu...

CVSS 7.8, AI score 6.5, EPSS 0.01966
Exploits 0, References 8, Affected Software 1
Cvelist
added 2009/03/27 4:0 p.m., 33 views

CVE-2009-0626

The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet...

AI score 6.4, EPSS 0.01966
Exploits 0, References 8
OpenVAS
added 2009/03/23 12:0 a.m., 19 views

Ubuntu Update for elinks vulnerability USN-519-1

Ubuntu Update for Linux kernel vulnerabilities USN-519-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5191.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for elinks vulnerability USN-519-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

CVSS 4.3, AI score 6.5, EPSS 0.02599
Exploits 0, References 2