1317 matches found
Mozilla: Phishing on HTTPS connection through malicious proxy (MFSA 2013-27)
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web...
IBM WebSphere Application Server 8.0 < Fix Pack 5 Multiple Vulnerabilities
IBM WebSphere Application Server 8.0 before Fix Pack 5 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - An unspecified error exists related to the Administrative Console that can allow an attacker to hijack sessions...
Design/Logic Flaw
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host v...
IBM WebSphere Application Server 7.0 < Fix Pack 27 Multiple Vulnerabilities
IBM WebSphere Application Server 7.0 before Fix Pack 27 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - A request validation error exists related to the proxy server component that could allow a remote attacker to cause the pro...
RHEL 4 : Proxy Server (RHSA-2008:0627)
Red Hat Network Proxy Server version 5.1.1 is now available. This update includes a fix for a security issue in a Red Hat Network Proxy Server component. This update has been rated as having low security impact by the Red Hat Security Response Team. The Red Hat Network Proxy Server 5.1.1 release...
RHEL 4 : Proxy Server (RHSA-2008:0263)
Red Hat Network Proxy Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Proxy Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. The Red Hat Network Proxy Server 5.0....
Watson Management Console 4.11.2.G - Directory Traversal
Watson Management Console 4.11.2.G - Directory Traversal Exploit Title: Watson Management Console Directory Traversal Vulnerability Google Dork: allintitle:Watson Management Console Contacted Vendor : 17/12/2012 as well as 31/12/2012 The Vendor Did Not Respond . Date: 1/2/2013 Exploit Author: Dhr...
IBM WebSphere Application Server 8.5 < Fix Pack 1 Multiple Vulnerabilities
IBM WebSphere Application Server 8.5 before Fix Pack 1 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists related to the 'Eclipse Help System' that can allow arbitrary redirect responses to HTTP...
Windows 8 Malware Using Google Docs to Target Brazilians
New malware targeting Windows 8 appears to be using Google Docs as a proxy server instead of directly connecting to a command-and-control (C&C) server. According to research done by Symantec and discussed in the company’s Security Response blog late last week, a Trojan, Backdoor.Makadocs, targets...
CVE-2012-3330
The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request...
Design/Logic Flaw
The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request...
CVE-2012-3330
CVE-2012-3330 affects IBM WebSphere Application Server and WebSphere Virtual Enterprise. The DoS arises from an error in the proxy server component: a crafted request can cause a daemon outage. Affected versions include WebSphere Application Server 7.0 prior to 7.0.0.27, 8.0 prior to 8.0.0.5...
Classmate of Lulzsec Hacker arrested and accused as another Lulzsec teammate
The two students accused of Sony Pictures hack participated in Cyber Defense Competition team exercises at the University of Advanced Technology in Arizona. US authorities have reportedly arrested a second suspected member of hacking group LulzSec on charges of taking part in an extensive compute...
Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64
Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833,...
Multiple web browsers vulnerable in processing Transfer-Encoding header
Overview Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header. When viewing a malicious web site through a proxy server, part of the HTTP response may be misidentified as ...
JVN#90389651: Multiple web browsers vulnerable in processing Transfer-Encoding header
Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header. When viewing a malicious web site through a proxy server, part of the HTTP response may be misidentified as a response from a different server. Impact An arbitrary script may be executed on the user's web...
RedHat Update for squid RHSA-2011:1293-01
The remote host is missing an update for the...
WebTitan v 3.62 - Multiple Cross Site Vulnerabilities
Document Title: WebTitan v 3.62 - Multiple Cross Site Vulnerabilities References (Source): http://www.vulnerability-lab.com/getcontent.php?id=589 Release Date: 2012-06-20 Vulnerability Laboratory ID (VL-ID): 589...
CVE-2012-0804
Heap-based buffer overflow in the proxyconnect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response...