
1826 matches found

Tenable Nessus
added 2016/12/16 12:0 a.m. | 53 views

openSUSE Security Update : python-Twisted (openSUSE-2016-1482)

This update for python-Twisted fixes the following issues : - No longer automatically export the http_proxy environment variable to avoid the proxy being trusted by unaware applications, if a Proxy request header is supplied boo989997, CVE-2016-1000111 %NASLMINLEVEL 70300 C Tenable Network Securit...

5.3 CVSS | 5.5 AI score | 0.02406 EPSS
Exploits: 0 | References: 2

Kitploit
added 2016/12/15 2:30 p.m. | 14 views

Burp Suite Professional 1.7.14 - The Leading Toolkit for Web Application Security Testing

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security...

6.6 AI score
Exploits: 0

Prion
added 2016/12/14 12:59 a.m. | 13 views

Design/Logic Flaw

A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known Affected Releases: 9.0.1-1...

5 CVSS | 7.3 AI score | 0.01589 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

UbuntuCve
added 2016/12/12 9:59 p.m. | 20 views

CVE-2016-9938

An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content betwe...

5.3 CVSS | 6.1 AI score | 0.03429 EPSS
Exploits: 0 | References: 3

Prion
added 2016/12/12 9:59 p.m. | 16 views

Authentication flaw

An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content betwe...

5 CVSS | 7.2 AI score | 0.03429 EPSS
Exploits: 0 | References: 3 | Affected Software: 2

CVE
added 2016/12/12 9:0 p.m. | 87 views

CVE-2016-9938

CVE-2016-9938 affects Asterisk Open Source chan_sip: improper stripping of non‑printable ASCII whitespace between SIP header name and a colon allows certain To/header combinations to bypass authentication when used with an authenticating SIP proxy. Affected: 11.x < 11.25.1, 13.x < 13.13.1, ...

5.3 CVSS | 5.3 AI score | 0.03429 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2016/12/12 9:0 p.m. | 18 views

CVE-2016-9938

An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content betwe...

5.3 AI score | 0.03429 EPSS
Exploits: 0 | References: 3

Mageia
added 2016/12/11 10:44 p.m. | 76 views

Updated tomcat package fixes security vulnerabilities

The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could...

9.8 CVSS | 1.6 AI score | 0.90338 EPSS
Exploits: 6 | References: 4

OSV
added 2016/12/11 2:59 a.m. | 3 views

DEBIAN-CVE-2016-6624

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the...

5.9 CVSS | 9.3 AI score | 0.02033 EPSS
Exploits: 0 | References: 1

OSV
added 2016/12/11 2:59 a.m. | 2 views

ALPINE-CVE-2016-6624

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the...

5.9 CVSS | 7 AI score | 0.02033 EPSS
Exploits: 0 | References: 1

OSV
added 2016/12/11 2:59 a.m. | 1 views

UBUNTU-CVE-2016-6624

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the...

5.9 CVSS | 6.9 AI score | 0.02033 EPSS
Exploits: 0 | References: 3

OpenVAS
added 2016/12/09 12:0 a.m. | 15 views

Asterisk Authentication Bypass Vulnerability (AST-2016-009)

Asterisk is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk"; if...

5.3 CVSS | 5.5 AI score | 0.03429 EPSS
Exploits: 0 | References: 2

n0where
added 2016/12/08 4:5 a.m. | 30 views

Extremely Fast Flexible Web Fuzzer: Filebuster

Extremely Fast Flexible Web Fuzzer Filebuster was built based on one of the fastest HTTP classes in the world of PERL – Furl::HTTP. Also the thread modelling is a bit optimized to run as fast as possible. Features It packs a ton of features like: The already mentioned Regex patterns Supports...

7 AI score
Exploits: 0 | References: 1

Kitploit
added 2016/11/27 2:10 p.m. | 15 views

Vproxy - Forward HTTP/S Traffic To Proxy Instance

If you are familiar with mobile penetration testing and you did one before, you probably came across this kind of situation when you want to intercept the application HTTP or HTTPS traffic using your favorite proxy tool such as Burp Suite, Fiddler, Charles, etc. After modifying the WIFI connecti...

7.2 AI score
Exploits: 0 | References: 1

UbuntuCve
added 2016/11/23 12:0 a.m. | 54 views

CVE-2016-6816

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a...

7.1 CVSS | 7.1 AI score | 0.39633 EPSS
Exploits: 5 | References: 4

Exploit DB
added 2016/11/15 12:0 a.m. | 53 views

Easy Internet Sharing Proxy Server 2.2 - Remote Overflow (SEH) (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Easy Internet Sharing Proxy Server 2.2 SEH buffer Overflow', 'Description' = %q This module exploits a SEH buffer overflow in t...

7.4 AI score
Exploits: 0

Cent OS
added 2016/11/12 6:29 a.m. | 108 views

java security update

CentOS Errata and Security Advisory CESA-2016:2658 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

9.6 CVSS | 6.6 AI score | 0.05481 EPSS
Exploits: 0 | References: 7

myhack58
added 2016/10/27 12:0 a.m. | 16 views

Peanut shell security vulnerability-vulnerability warning-the black bar safety net

The official believes that this is not a vulnerability, I think the vulnerability is that you can use the target the peanut shell the user's network environment, and get the other peanut bar SN, reset, and then through the other method of entering their account number, and so on. Even cancel out the...

7.3 AI score
Exploits: 0

exploitpack
added 2016/10/20 12:0 a.m. | 15 views

Microsoft Edge - Spread Operator Stack Overflow (MS16-119)

Microsoft Edge - Spread Operator Stack Overflow MS16-119 GetLength destArgs.Info.Count AssertMsgfalse, "The array length has changed since we allocated the destArgs buffer?"; Throw::FatalInternalError; for uint32 j = 0; j GetLength; j++ Var element; if !arr-DirectGetItemAtFullj, &element element ...

0.4 AI score
Exploits: 0

Exploit DB
added 2016/10/20 12:0 a.m. | 36 views

Microsoft Edge - Spread Operator Stack Overflow (MS16-119)

GetLength destArgs.Info.Count AssertMsgfalse, "The array length has changed since we allocated the destArgs buffer?"; Throw::FatalInternalError; for uint32 j = 0; j GetLength; j++ Var element; if !arr-DirectGetItemAtFullj, &element element = undefined; destArgs.ValuesargsIndex++ = element; When...

7.4 AI score
Exploits: 0