Security update for Chromium (important)

Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901: - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...

CVE-2016-5133

Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream...

CVE-2016-5133

Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream...

Information disclosure

Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream...

CVE-2016-5133

CVE-2016-5133 describes a proxy authentication origin confusion in Google Chrome/Chromium prior to 52.0.2743.82, enabling MITM attackers to spoof a proxy-login prompt or trigger incorrect credential storage by altering the client–server data stream. Affected software is Chromium/Chrome (proxy aut...

CVE-2016-5133

Removed by vendor...

CVE-2016-5133

Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream...

UBUNTU-CVE-2016-5133

Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream...

CVE-2016-5133

Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream...

Google Chrome Security Updates (stable-channel-update-2016-07) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

CVE-2016-5133

Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream...

Linux/x86-64 - Ncat Shellcode (SSL, MultiChannel, Persistant, Fork, IPv4/6, Password) (176 bytes)

include include // Exploit Title: Linux 64bit Ncat + SSL + MultiChannel + Persistant + Fork + IPv4/6 + Password 176byte // Date: 7/5/2016 // Exploit Author: CripSlick // Tested on: Kali 2.0 // Version: Ncat: Version 7.01 // email protected // OffSec ID: OS-20614 // http://50.112.22.183/...

Unspecified Vulnerability in Haxx Libcurl

Haxx Libcurl is a free , open source client-side URL transfer library from the Swedish company Haxx. The library supports FTP, FTPS, TFTP, HTTP and so on. The 'ConnectionExists' function in the lib/url.c file of Haxx Libcurl fails to correctly reuse NTLM-authenticated proxy connections, allowing ...

Debian DSA-3455-1 : curl - security update

Isaac Boukris discovered that cURL, an URL transfer library, reused NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for the new transfer. This could lead to HTTP requests being sent over the connection...

UBUNTU-CVE-2016-0755

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015...

FreeBSD : privoxy -- malicious server spoofing as proxy vulnerability (ad82b0e9-c3d6-11e5-b5fe-002590263bf5)

Privoxy Developers reports : Proxy authentication headers are removed unless the new directive enable-proxy-authentication-forwarding is used. Forwarding the headers potentially allows malicious sites to trick the user into providing them with login information. Reported by Chris John Riley...

CVE-2015-4334

CVE-2015-4334 affects Blue Coat ProxySG SGOS when deployed as an explicit proxy. The default configuration forwards authentication challenges from upstream origin content servers, enabling a remote attacker to obtain sensitive information via HTTP 407 responses. Affected SGOS versions are before ...

Use integrated Windows Auth for Proxy Authentication

Hi, I'm looking to secure access to the internet via an authenticated proxy and would like to avoid username passwords within init strings. https://confluence.atlassian.com/display/JIRAKB/How+to+Configure+an+Outbound+HTTP+and+HTTPS+Proxy+for+JIRA describes a scenario where this may be possible,...

Use integrated Windows Auth for Proxy Authentication

Hi, I'm looking to secure access to the internet via an authenticated proxy and would like to avoid username passwords within init strings. https://confluence.atlassian.com/display/JIRAKB/How+to+Configure+an+Outbound+HTTP+and+HTTPS+Proxy+for+JIRA describes a scenario where this may be possible,...

CVE-2015-1229

Removed by vendor...