Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services Module

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services Module Advisory ID: cisco-sa-20071017-fwsm http://www.cisco.com/warp/public/707/cisco-sa-20071017-fwsm.shtml Revision 1.0 For Public Release 2007 October 17 1600 UTC GMT...

CVE-2007-5384

Multiple cross-site request forgery CSRF vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistanc...

RHEL 4 / 5 : elinks (RHSA-2007:0933)

An updated ELinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ELinks is a text mode Web browser used from the command line that supports...

Ruby Net::HTTPS library does not validate server certificate CN

The 1 Net::ftptls, 2 Net::telnets, 3 Net::imap, 4 Net::pop, and 5 Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName CN field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...

[SECURITY] [DSA 1380-1] New elinks packages fix information disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 1380-1 [email protected] http://www.debian.org/security/ Steve Kemp October 2nd, 2007 http://www.debian.org/security/faq -...

elinks reveals POST data to HTTPS proxy

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...

Moderate: Red Hat Security Advisory: elinks security update

An updated ELinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ELinks is a text mode Web browser used from the command line that supports...

Moderate: elinks security update

0.9.2-3.3.5.2 - fix elinks-0.9.2-httpspostdata.patch 303881 0.9.2-3.3.5.1 - fix 297611 - CVE-2007-5034 elinks reveals POST data to HTTPS proxy 0.9.2-3.3 - fix 215731 - elinks smb protocol arbitrary file access...

Debian DSA-1380-1 : elinks - programming error

Kalle Olavi Niemitalo discovered that elinks, an advanced text-mode WWW browser, sent HTTP POST data in cleartext when using an HTTPS proxy server potentially allowing private information to be disclosed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks...

[SECURITY] [DSA 1380-1] New elinks packages fix information disclosure

------------------------------------------------------------------------ Debian Security Advisory DSA 1380-1 [email protected] http://www.debian.org/security/ Steve Kemp October 2nd, 2007 http://www.debian.org/security/faq -...

DSA-1380-1 elinks - information disclosure

Bulletin has no description...

CVE-2007-5162

The connect method in lib/net/http.rb in the 1 Net::HTTP and 2 Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName CN field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

Cross site request forgery (csrf)

The connect method in lib/net/http.rb in the 1 Net::HTTP and 2 Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName CN field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

CVE-2007-5162

The connect method in lib/net/http.rb in the 1 Net::HTTP and 2 Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName CN field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

JVN#79013771 Safari allows access from HTTP to HTTPS

Safari is a default web browser installed in Mac OS X and iPhone. Safari contains a vulnerability that allows a remote attacker to access web page contents protected by SSL/TLS from an HTTP page in the same domain. Impact A remote attacker could obtain or change the web page contents protected by...

CVE-2007-5162

CVE-2007-5162 affects Ruby 1.8.5/1.8.6: Net::HTTP and Net::HTTPS do not verify the server certificate CN against the requested domain, enabling MITM or spoofed sites. The connected MiracleLinux advisory ( AXSA-2007-63:01 ) reiterates the flaw across multiple Net modules (including Net::HTTP/Net::...

Ruby Net::HTTPS library certificates validation cryptographic vulnerability

Certificate's CN field is not validated against DNS name, making it's possible to use valid certificate with wrong CN...

Ruby Net::HTTPS library does not validate server certificate CN

iSEC Partners Security Advisory - 2007-006-RubySSL http://www.isecpartners.com -------------------------------------------- Ruby Net::HTTPS library does not validate server certificate CN Vendor: Ruby Vendor URL: http://www.ruby-lang.org Versions affected: 1.8.5, 1.8.6, Trunk Ruby Systems Affecte...

[EXPL] Airsensor M520 HTTPD Preauth DoS and Buffer Overflow (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Web Server Transmits Cleartext Credentials

The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext. An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users. C Tenable Netwo...