Lucene search
K

201 matches found

Kitploit
Kitploit
added 2015/05/07 9:17 p.m.20 views

Double the bang for your buck with Acunetix Vulnerability Scanner

Acunetix have announced that they are extending their current free offering of the network security scan, part of their cloud-based web and network vulnerability scanner. Those signing up for a trial of the online version of Acunetix vulnerability scanner will now be able to scan their perimeter...

7.9AI score
Exploits0
CNVD
CNVD
added 2015/05/03 12:0 a.m.2 views

cURL and libcurl Default Configuration HTTP Headers Sending Vulnerability

cURL is a command-line file transfer tool that supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP protocols. libcurl for a free open source , client-side url transfer library . cURL and libcurl default configuration will send custom HTTP header field information to the proxy and...

5CVSS6.7AI score0.07538EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/05/01 3:0 p.m.23 views

CVE-2015-3153

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents...

6.4AI score0.07538EPSS
Exploits0References14
Debian CVE
Debian CVE
added 2015/05/01 3:0 p.m.35 views

CVE-2015-3153

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents...

5CVSS8.5AI score0.07538EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2015/04/29 12:0 a.m.23 views

CVE-2015-3153

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents...

5CVSS7.1AI score0.07538EPSS
Exploits0References3
Cvelist
Cvelist
added 2015/03/09 12:0 a.m.40 views

CVE-2015-1229

net/http/proxyclientsocket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 aka Proxy Authentication Required HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...

6.1AI score0.00949EPSS
Exploits0References7
Cvelist
Cvelist
added 2015/01/14 11:0 a.m.38 views

CVE-2014-8639

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

9.4AI score0.01902EPSS
Exploits0References39
UbuntuCve
UbuntuCve
added 2015/01/14 12:0 a.m.31 views

CVE-2014-8639

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

6.8CVSS7AI score0.01902EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2015/01/08 11:41 a.m.9 views

FBI Director: 'High Confidence' in North Korea Attribution

When the FBI publicly announced that the North Korean regime was responsible for an embarrassing compromise of corporate networks at Sony Pictures Entertainment, security experts remained skeptical. FBI Director James Comey doubled down on the assertion yesterday at the Fordham University...

6.8AI score
Exploits0References6
ThreatPost
ThreatPost
added 2014/12/17 10:32 a.m.13 views

Google Adds Content Security Policy Support to Gmail

Google has added another layer of security for users of Gmail on the desktop, which now supports content security policy, a standard that’s designed to help mitigate cross-site scripting and other common Web-based attacks. CSP is a W3C standard that has been around for several years, and it’s bee...

6.7AI score
Exploits0References7
Fedora
Fedora
added 2014/12/01 7:7 p.m.33 views

[SECURITY] Fedora 19 Update: wget-1.16-3.fc19

GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...

9.3CVSS1AI score0.39883EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2014/08/01 12:0 a.m.93 views

IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 prior to Fix Pack 33 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote...

7.8CVSS8.4AI score0.96121EPSS
Exploits16References24
The Hacker News
The Hacker News
added 2014/02/28 11:40 p.m.14 views

Tor Instant Messaging Bundle - A New Anonymous and Encrypted messaging Software

We are living in an era of Mass Surveillance, conducted by the Government Agencies like the NSA and GCHQ, and we ourselves gave them an open invitation as we all have sensors in our pockets that track us everywhere we go i.e. Smartphone. Encryption and security are more important today than any...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/04/20 12:0 a.m.33 views

Mandriva Linux Security Advisory : stunnel (MDVSA-2013:130)

Updated stunnel packages fix security vulnerability : stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a...

6.6CVSS8.5AI score0.02932EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2013/04/05 4:17 p.m.14 views

Shylock Trojan Going Global with New Features, Resilient Infrastructure

The prolific, credential-stealing Shylock banking Trojan is growing increasingly sophisticated as its creators continue adding new modules and functionalities to the man-in-the-browser malware, according to a Symantec report. To this point, Shylock has made its money via man-in-the-browser attack...

1AI score
Exploits0References1
ThreatPost
ThreatPost
added 2013/03/27 12:54 p.m.9 views

Attackers Shifting to Delivering Unknown Malware Via FTP and Web Pages

The bulk of “unknown” malware is being delivered to systems via Web-based attacks, proxies and FTP sessions, according to a study released by Palo Alto Networks this week. The study dubbed “The Modern Malware Review,” found more than 26,000 malware samples, and focuses on what the firm calls...

0.5AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2013/03/08 6:55 p.m.26 views

CVE-2013-1762

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow...

6.6CVSS7.8AI score0.02932EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/03/08 6:0 p.m.15 views

CVE-2013-1762

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow...

7.6AI score0.02932EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2013/01/23 7:21 p.m.12 views

Three Charged with Creating, Distributing Gozi Banking Malware

Charges will be brought today in the U.S. District Court for the Southern District of New York against three men allegedly involved with creating and distributing the Gozi banking Trojan. Gozi infected more than a million computers worldwide, including a handful at NASA, leading to tens of millio...

0.9AI score
Exploits0References3
ThreatPost
ThreatPost
added 2012/12/06 5:30 p.m.12 views

Zitmo Trojan Variant Eurograbber Beats Two-Factor Authentication to Steal Millions

Online banking customers in Europe are falling victim by the thousands to a new banking Trojan that is infecting Android and BlackBerry devices and is capable of defeating two-factor authentication. The Trojan, dubbed Eurograbber by researchers at Check Point Software Technologies and Verasafe, i...

0.9AI score
Exploits0References4
Rows per page
Query Builder