CVE-2013-2070

http/modules/ngxhttpproxymodule.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxypass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service crash and obtain sensitive information from worker process memory via a crafted proxy response, a simila...

Amazon 1Button App for Chrome, Firefox Leaks Private Data

Amazon 1Button, a browser add-on that provides users with easy access to the Amazon online marketplace, is leaking private information like a sieve, according to a security researcher. Krzysztof Kotowicz, a researcher specializing in Web security, said the app reports every URL to visit to...

[SECURITY] Fedora 18 Update: curl-7.27.0-10.fc18

curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVE-2013-0096

Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."...

maccms stored xss analysis-vulnerability warning-the black bar safety net

Team:c0deplay gbk utf8 the latest version of storagexss analysis The problem plus/comment/index.php page Comments Add Features function add // Here can actually use wide characters sql injectiondidn't follow up $ccontent= iconv 'UTF-8', 'gb2312//IGNORE' , $ccontent; $cname =...

[Viproy] VoIP Penetration Testing Kit

Viproy Voip Pen-Test Kit is developed to improve quality of SIP Penetration Tests. It provides authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and...

Google Active Directory Sync (GADS) Tool 3.1.3 Information Disclosure

Sense of Security - Security Advisory - SOS-13-001 Release Date. 03-Apr-2013 Last Update. - Vendor Notification Date. 03-Sep-2012 Product. Google Active Directory Sync GADS Tool Platform. Windows, Linux, Solaris Affected versions. All versions up to 3.1.3 Severity Rating. High Impact. Exposure of...

CVE-2013-2503

Privoxy before 3.0.21 does not correctly handle Proxy-Authenticate and Proxy-Authorization headers, enabling a remote HTTP server to spoof the intended proxy service via a 407 status. Connected advisories show OpenSUSE/SUSE patches bringing Privoxy to 3.0.21 to fix CVE-2013-2503, confirming the v...

Important: Red Hat Security Advisory: Subscription Asset Manager 1.2 update

Red Hat Subscription Asset Manager 1.2, which fixes several security issues, multiple bugs, and adds various enhancements, is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which gi...

SeaMonkey Multiple Vulnerabilities -01 (Feb 2013) - Windows

SeaMonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Thunderbird Multiple Vulnerabilities -01 (Feb 2013) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Thunderbird Multiple Vulnerabilities -01 (Feb 2013) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

dovecot: proxy destination host name not checked against SSL certificate name

Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name CN of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers...

Firefox 19 Fixes HTTPS Phishing Issue, Adds Built-In PDF Viewer

Mozilla has released Firefox 19, the latest version of its flagship browser, which includes not only fixes for a number of serious security vulnerabilities but also a built-in PDF viewer. The native PDF viewer in Firefox could help protect against some of the ongoing attacks that use...

devhelp, firefox, libproxy, xulrunner, yelp security update

CentOS Errata and Security Advisory CESA-2013:0271 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVS...

CVE-2013-0776

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web...

Phishing on HTTPS connection through malicious proxy — Mozilla

Google security researcher Michal Zalewski reported an issue where the browser displayed the content of a proxy's 407 response if a user canceled the proxy's authentication prompt. In this circumstance, the addressbar will continue to show the requested site's address, including HTTPS addresses...

Fedora Update for squid FEDORA-2013-1616

Check for the Version of squid OpenVAS Vulnerability Test Fedora Update for squid FEDORA-2013-1616 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

[SECURITY] Fedora 18 Update: squid-3.2.5-2.fc18

Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...

CVE-2013-1451

Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted...