201 matches found
Double the bang for your buck with Acunetix Vulnerability Scanner
Acunetix have announced that they are extending their current free offering of the network security scan, part of their cloud-based web and network vulnerability scanner. Those signing up for a trial of the online version of Acunetix vulnerability scanner will now be able to scan their perimeter...
cURL and libcurl Default Configuration HTTP Headers Sending Vulnerability
cURL is a command-line file transfer tool that supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP protocols. libcurl for a free open source , client-side url transfer library . cURL and libcurl default configuration will send custom HTTP header field information to the proxy and...
CVE-2015-3153
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents...
CVE-2015-3153
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents...
CVE-2015-3153
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents...
CVE-2015-1229
net/http/proxyclientsocket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 aka Proxy Authentication Required HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...
CVE-2014-8639
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...
CVE-2014-8639
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...
FBI Director: 'High Confidence' in North Korea Attribution
When the FBI publicly announced that the North Korean regime was responsible for an embarrassing compromise of corporate networks at Sony Pictures Entertainment, security experts remained skeptical. FBI Director James Comey doubled down on the assertion yesterday at the Fordham University...
Google Adds Content Security Policy Support to Gmail
Google has added another layer of security for users of Gmail on the desktop, which now supports content security policy, a standard that’s designed to help mitigate cross-site scripting and other common Web-based attacks. CSP is a W3C standard that has been around for several years, and it’s bee...
[SECURITY] Fedora 19 Update: wget-1.16-3.fc19
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...
IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities
IBM WebSphere Application Server 7.0 prior to Fix Pack 33 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote...
Tor Instant Messaging Bundle - A New Anonymous and Encrypted messaging Software
We are living in an era of Mass Surveillance, conducted by the Government Agencies like the NSA and GCHQ, and we ourselves gave them an open invitation as we all have sensors in our pockets that track us everywhere we go i.e. Smartphone. Encryption and security are more important today than any...
Mandriva Linux Security Advisory : stunnel (MDVSA-2013:130)
Updated stunnel packages fix security vulnerability : stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a...
Shylock Trojan Going Global with New Features, Resilient Infrastructure
The prolific, credential-stealing Shylock banking Trojan is growing increasingly sophisticated as its creators continue adding new modules and functionalities to the man-in-the-browser malware, according to a Symantec report. To this point, Shylock has made its money via man-in-the-browser attack...
Attackers Shifting to Delivering Unknown Malware Via FTP and Web Pages
The bulk of “unknown” malware is being delivered to systems via Web-based attacks, proxies and FTP sessions, according to a study released by Palo Alto Networks this week. The study dubbed “The Modern Malware Review,” found more than 26,000 malware samples, and focuses on what the firm calls...
CVE-2013-1762
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow...
CVE-2013-1762
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow...
Three Charged with Creating, Distributing Gozi Banking Malware
Charges will be brought today in the U.S. District Court for the Southern District of New York against three men allegedly involved with creating and distributing the Gozi banking Trojan. Gozi infected more than a million computers worldwide, including a handful at NASA, leading to tens of millio...
Zitmo Trojan Variant Eurograbber Beats Two-Factor Authentication to Steal Millions
Online banking customers in Europe are falling victim by the thousands to a new banking Trojan that is infecting Android and BlackBerry devices and is capable of defeating two-factor authentication. The Trojan, dubbed Eurograbber by researchers at Check Point Software Technologies and Verasafe, i...