1826 matches found

Tenable Nessus
added 2017/04/27 12:0 a.m., 38 views

Fedora 25 : 1:dovecot (2017-6ef28e38d6)

quota: Add plugin quota_max_mail_size setting to limit the maximum individual mail size that can be saved. + imapc: Add imapc_features=delay-login. If set, connecting to the remote IMAP server isn't done until it's necessary. + imapc: Add imapc_connection_retry_count and imapc_connection_retry_interval...

7.5 CVSS, 6.4 AI score, 0.06874 EPSS
Exploits: 0, References: 2
Talos
added 2017/04/27 12:0 a.m., 43 views

Zabbix Proxy Server SQL Database Write Vulnerability

Summary: An exploitable database write vulnerability exists in the trapper functionality of Zabbix Server 2.4.X. Specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker set up a Man-in-the-Middle server to alter trapper requests made between ...

7 CVSS, 7.1 AI score, 0.00626 EPSS
Exploits: 2
Kitploit
added 2017/04/17 2:12 p.m., 157 views

Evilginx - MITM Attack Framework [Advanced Phishing With Two-factor Authentication Bypass]

Evilginx is a man-in-the-middle attack framework used for phishing credentials and session cookies of any web service. Its core runs on Nginx HTTP server, which utilizes proxy_pass and sub_filter to proxy and modify HTTP content, while intercepting traffic between client and server. You can learn...

7.3 AI score
Exploits: 0, References: 1
hackapp
added 2017/04/13 10:32 a.m., 53 views

Orbot: Proxy with Tor - Exported components, External URLs, Native code usage vulnerabilities

HackApp vulnerability scanner discovered that application Orbot: Proxy with Tor published at the 'play' market has multiple vulnerabilities...

0.6 AI score
Exploits: 0, References: 1, Affected Software: 1
OpenVAS
added 2017/04/04 12:0 a.m., 55 views

Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (CVE-2016-6816) - Active Check

Apache Tomcat is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"...

7.1 CVSS, 7.3 AI score, 0.0326 EPSS
Exploits: 5, References: 7
n0where
added 2017/03/31 5:25 a.m., 60 views

Database Firewall: DBShield

Database Firewall DBShield is a Database Firewall written in Go that has protection for MySQL/MariaDB, Oracle and PostgreSQL databases. It works in a proxy fashion inspecting traffic and dropping abnormal queries after a learning period to populate the internal database with regular queries. For...

1.1 AI score
Exploits: 0, References: 3
Atlassian
added 2017/03/21 8:59 p.m., 44 views

The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506

The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery (SSRF). This allowed an XSS and/or an SSRF attack to be performed. For more information about the Atlassian OAuth plugin issue, see https://ecosystem.atlassian.net/browse/OAUTH-344...

6.1 CVSS, 3.9 AI score, 0.41457 EPSS
Exploits: 1
OSV
added 2017/03/20 6:59 p.m., 33 views

CVE-2016-6816

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a...

7.1 CVSS, 5.9 AI score
Exploits: 0, References: 36
RedHat Linux
added 2017/03/15 1:1 p.m., 112 views

Moderate: Red Hat Security Advisory: tomcat6 security update

An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5 CVSS, 7 AI score, 0.1091 EPSS
Exploits: 5, References: 3
hackapp
added 2017/03/13 4:13 p.m., 10 views

VPN Unlimited-Best VPN Proxy - Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application VPN Unlimited-Best VPN Proxy published at the 'play' market has multiple vulnerabilities...

Exploits: 0, References: 1, Affected Software: 1
OSV
added 2017/03/02 6:59 a.m., 1 views

DEBIAN-CVE-2017-6410

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL potentially including Basic Authentication credentials, a query string, or PATHINFO, which allows remote attackers to obtain sensitive information via a crafted PAC file...

5.5 CVSS, 6.6 AI score, 0.00182 EPSS
Exploits: 0, References: 1
Fedora
added 2017/02/10 2:49 p.m., 15 views

[SECURITY] Fedora 24 Update: iio-sensor-proxy-2.1-1.fc24

IIO accelerometer sensor to input device proxy...

3.4 AI score
Exploits: 0
Check Point Advisories
added 2017/02/07 12:0 a.m., 2 views

Suspicious Proxy Auto-Config File

An attacker can force browsers to use a malicious .pac file, and redirect traffic to a fake site. A successful attack might result in loss of data or connection hijack...

3 AI score
Exploits: 0
RedHat Linux
added 2017/02/02 8:23 p.m., 2 views

tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests

It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...

7.1 CVSS, 7.2 AI score, 0.0326 EPSS
Exploits: 5, References: 10
Tenable Nessus
added 2017/01/25 12:0 a.m., 40 views

Scientific Linux Security Update : squid on SL7.x x86_64 (20170124)

Security Fixes : - It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections...

7.5 CVSS, 6.6 AI score, 0.14676 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2017/01/24 10:5 a.m., 46 views

Moderate: Red Hat Security Advisory: squid security update

An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.5 CVSS, 6.7 AI score, 0.14676 EPSS
Exploits: 0, References: 2
OpenVAS
added 2017/01/13 12:0 a.m., 43 views

CentOS Update for java CESA-2017:0061 centos6

Check the version of java SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882630";...

9.6 CVSS, 6.3 AI score, 0.06252 EPSS
Exploits: 0, References: 2
OpenVAS
added 2016/12/24 12:0 a.m., 33 views

Debian Security Advisory DSA 3745-1 (squid3 - security update)

Saulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests, leading to client-specific Cookie data being leaked to other clients. A remote attacker...

5 CVSS, 0.2 AI score, 0.14676 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2016/12/19 9:17 a.m., 26 views

CVE-2016-10002

It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections...

7.5 CVSS, 3.3 AI score, 0.14676 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2016/12/19 12:0 a.m., 102 views

Asterisk SIP Channel Authentication Bypass (AST-2016-009)

According to its SIP banner, the version of Asterisk running on the remote host is 11.x prior to 11.25.1, 13.x prior to 13.13.1, 14.x prior to 14.2.1, 11.6 prior to 11.6-cert16, or 13.8 prior to 13.8-cert4. It is, therefore, affected by an authentication bypass vulnerability in the chan_sip channe...

5.3 CVSS, 5.7 AI score, 0.01419 EPSS
Exploits: 0, References: 2