CVE-2007-6385

The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries...

CVE-2007-6385

The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries...

CVE-2007-6385

CVE-2007-6385 affects Kerio WinRoute Firewall (pre-6.4.1). The proxy server component does not properly enforce authentication for HTTPS pages. The underlying impact is stated as unknown within the available documents, and there is no detail on exploit vectors or specific conditions required for ...

SquirrelMail G/PGP Plugin deletekey() Command Injection Exploit

No description provided by source. !/usr/local/bin/ruby puts"http://backdoored.net\n" puts "SquirrelMail G/PG deletekey command injection exploit\n" puts "http://backdoored.net Visit Us\n" puts "Coded by Backdoored member. \n" puts "--------------------------------------------------\n" if ARGV0 =...

squirrel-inject.txt

!/usr/local/bin/ruby puts"http://backdoored.net\n" puts "SquirrelMail G/PG deletekey command injection exploit\n" puts "http://backdoored.net Visit Us\n" puts "Coded by Backdoored member. \n" puts "--------------------------------------------------\n" if ARGV0 == nil && ARGV1 == nil && ARGV2 == n...

SquirrelMail GPGP Encryption Plugin - deletekey() Command Injection

SquirrelMail GPGP Encryption Plugin - deletekey Command Injection !/usr/local/bin/ruby puts"http://backdoored.net\n" puts "SquirrelMail G/PG deletekey command injection exploit\n" puts "http://backdoored.net Visit Us\n" puts "Coded by Backdoored member. \n" puts...

SquirrelMail G/PGP Encryption Plugin - 'deletekey()' Command Injection

!/usr/local/bin/ruby puts"http://backdoored.net\n" puts "SquirrelMail G/PG deletekey command injection exploit\n" puts "http://backdoored.net Visit Us\n" puts "Coded by Backdoored member. \n" puts "--------------------------------------------------\n" if ARGV0 == nil && ARGV1 == nil && ARGV2 == n...

NetScaler Unencrypted Web Management Interface

The remote Citrix NetScaler web management interface does not use TLS or SSL to encrypt connections. %NASLMINLEVEL 70300 netscalerwebunencrypted.nasl GPLv2 Changes by Tenable: - Revised plugin title 9/23/09 - Added CPE and updated copyright 10/18/2012 - Corrected encryption testing 1/2/2018 -...

QQ website login RSA encrypted transmission defect analysis-vulnerability warning-the black bar safety net

! QQ Thanks to anonymous people posting QQ website login not using https is encrypted, instead of using the RSA asymmetric encryption to protect transmission of passwords and sensitive information security. QQ is in javascript to achieve the entire process. This idea is very novel, but is also...

ertificate spoofing with subjectAltName and domain name wildcards

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Phishing for Confirmations Certificate spoofing with subjectAltName and domain name wildcards URL: http://nils.toedtmann.net/pub/subjectAltName.txt Version: 2007-11-16-07 Author: Nils Toedtmann [email protected] License: Dual...

Ubuntu 6.06 LTS / 6.10 / 7.04 : elinks vulnerability (USN-519-1)

Kalle Olavi Niemitalo discovered that if elinks makes a POST request to an HTTPS URL through a proxy, information may be sent in clear-text between elinks and the proxy. Attackers with access to the network could steal sensitive information such as passwords. Note that Tenable Network Security ha...

CVE-2002-2405

Check Point FireWall-1 4.1 and Next Generation NG, with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall...

CVE-2002-2414

Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority CA certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service crash...

CVE-2002-2414

Opera 6.0.3, when used with Squid 2.4 as an HTTPS proxy, does not properly handle accepting a non-global certificate authority (CA) certificate from a site before establishing a subsequent HTTPS connection, which can allow remote attackers to cause a denial of service (crash). The connected docum...

CVE-2002-2405

CVE-2002-2405 affects Check Point FireWall-1 4.1 and NG when UserAuth is configured to proxy HTTP traffic only, permitting remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall. The root cause and actionable remediation details are not provided in the co...

How to perform https man in the middle attacks-vulnerability warning-the black bar safety net

First talk about the fake certificate. First use openssl to generate a certificate, I generated here by an example. crt and example. key two, the protection of the password is 1 2 3 4 in. And then connect to the real HTTPS Server, get the real certificate. Re-starting forgery of certificate to be...

Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)

No description provided by source. !/usr/bin/perl ================================================================ Apache Tomcat Remote File Disclosure Zeroday Xploit - With support for SSL MoDiFiEd version by : h3rcul3s ORiGiNaL Version by : kcdarookie aka eliteb0y / 2007...

Apache Tomcat - WebDAV SSL Remote File Disclosure

Apache Tomcat - WebDAV SSL Remote File Disclosure !/usr/bin/perl ================================================================ Apache Tomcat Remote File Disclosure Zeroday Xploit - With support for SSL MoDiFiEd version by : h3rcul3s ORiGiNaL Version by : kcdarookie aka eliteb0y / 2007...

Design/Logic Flaw

Cisco Firewall Services Module FWSM 3.21, and 3.15 and earlier, allows remote attackers to cause a denial of service device reload via a crafted HTTPS request, aka CSCsi77844...

CVE-2007-5570

Cisco Firewall Services Module FWSM 3.21, and 3.15 and earlier, allows remote attackers to cause a denial of service device reload via a crafted HTTPS request, aka CSCsi77844...