1317 matches found
Solaris 10 (sparc) : 120981-25
Sun Java System Web Proxy Server 4.0.17, Solaris SVR4 patch: Mai. Date this patch was last updated by Sun: Jul/01/11. %NASL_MIN_LEVEL 70300. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include('deprecated_nasl_level.inc');...
Authentication flaw
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving unhashed tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allow...
ShadowSocks ConnecTion - A Wrapper Tool For Shadowsocks To Consistently Bypass Firewalls
A wrapper tool for shadowsocks to consistently bypass firewalls. Quick start: Automatically connect. The easiest way to run this tool is to type ssct in a terminal, and ssct will acquire available shadowsocks servers from ishadowsocks and connect to one automatically. Connect to a specific server...
IT threat evolution Q2 2017
Targeted attacks and malware campaigns. Back to the future: looking for a link between old and new APTs. This year's Security Analyst Summit (SAS) included interesting research findings on several targeted attack campaigns. For example, researchers from Kaspersky Lab and King's College London present...
FreeBSD : subversion -- Arbitrary code execution vulnerability (6e80bd9b-7e9b-11e7-abfe-90e2baa3bafc)
Subversion team reports: A Subversion client sometimes connects to URLs provided by the repository. This happens in two primary cases: during 'checkout', 'export', 'update', and 'switch', when the tree being downloaded contains svn:externals properties; and when using 'svnsync sync' with one URL...
Design/Logic Flaw
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server to attack another...
CVE-2017-9800
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server to attack another...
The vulnerability of the Proxy.php proxy server of the Trend Micro Anti-Virus protection system allows a hacker to execute arbitrary code.
The vulnerability of the Proxy.php proxy server of the Trend Micro Anti-Virus protection system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code upon processing the tr parameter...
CVE-2017-1381
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152...
Design/Logic Flaw
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152...
CVE-2017-1381
The CVE-2017-1381 issue affects IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) in WAS versions 7.0–9.0. The vulnerability is caused by stale data being cached and then served, enabling a local attacker to obtain sensitive information. IBM security bulletins linked to this...
CentOS Update for httpd CESA-2017:1721 centos6
Check the version of httpd. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) script_oid("1.3.6.1.4.1.25623.1.0.882751");...
Information Disclosure
Moodle is vulnerable to information disclosure. The library does not send Cache-Control: private headers, allowing a malicious user to send requests for files that were previously retrieved by a caching proxy server...
proxy server seeing Android traffic from client IP
Your proxy server may see the client IP from Android devices, whereas for iOS it sees and expects the subnet IP of the NS. How to filter traffic using the Subnet IP address for Android Devices?...
httpd: Apache HTTP Request Parsing Whitespace Defects
It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a...
Manual Firewall changes for Veeam Backup from Storage Snapshot with Cisco HyperFlex IOvisor processing
Challenge: This article describes making manual firewall changes for Veeam Backup from Storage Snapshot with Cisco HyperFlex IOvisor processing. For details on how to perform these firewall changes using a predefined VMware ESXi extension, please review KB2298. HyperFlex Version Specific Article...
Zabbix Proxy Server Identity Bypass Vulnerability
Zabbix Server is an open source server-side monitoring application from the Latvian company Zabbix SIA. The system can monitor a variety of network parameters, and provides a notification mechanism to allow system administrators to quickly locate and resolve the existence of a variety of...