1826 matches found
McAfee Web Gateway 7.1.5.x - Host HTTP Header Security Bypass
McAfee Web Gateway 7.1.5.x - Host HTTP Header Security Bypass source: https://www.securityfocus.com/bid/53015/info McAfee Web Gateway is prone to a security-bypass vulnerability because it fails to properly enforce filtering rules. A successful attack will allow an attacker to bypass intended...
[SECURITY] Fedora 15 Update: curl-7.21.3-13.fc15
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
DSA-2406-1 icedove - several
Bulletin has no description...
Fedora Update for bip FEDORA-2012-0916
Check for the Version of bip OpenVAS Vulnerability Test Fedora Update for bip FEDORA-2012-0916 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...
Mozilla Foundation Security Advisory 2012-02
Mozilla Foundation Security Advisory 2012-02 Title: Overly permissive IPv6 literal syntax Impact: Low Announced: January 31, 2012 Reporter: Gregory Fleischer Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Firefox 3.6.26 Thunderbird 7.0 Thunderbird 3.1.18 SeaMonkey 2.4 Description...
Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability (Windows)
The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbmozillaprdtsipv6literalsyntaxinfodiscvulnwin.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products IPv6 Literal Syntax Cross Domain Informatio...
Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability - Windows
Mozilla Firefox/Thunderbird/Seamonkey is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Information disclosure
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and...
CVE-2011-3670
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and...
CVE-2011-3670
CVE-2011-3670 affects Firefox prior to 3.6.26 and 4.x–6.0, Thunderbird prior to 3.1.18 and 5.0–6.0, and SeaMonkey prior to 2.4. The issue: improper enforcement of IPv6 literal address syntax, allowing remote attackers to cause information disclosure by reading error messages from XMLHttpRequest c...
Mozilla: Same-origin bypass using IPv6-like hostname syntax (MFSA 2012-02)
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and...
Overly permissive IPv6 literal syntax — Mozilla
For historical reasons Firefox has been generous in its interpretation of web addresses containing square brackets around the host. If this host was not a valid IPv6 literal address, Firefox attempted to interpret the host as a regular domain name. Gregory Fleischer reported that requests made...
Debian DSA-2393-1 : bip - buffer overflow
Julien Tinnes reported a buffer overflow in the Bip multiuser IRC proxy which may allow arbitrary code execution by remote users. The oldstable distribution (lenny) is not affected by this problem. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
Open Source MySQL Injection: sqlsus
sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface, you can retrieve the databases structure, inject your own SQL queries even complex ones, download files from the web server, crawl the website for writable directories, upload and control a...
SMTP Proxy Traffic Detected
Binary data 6231.prm...
SuSE 11.1 Security Update : Apache2 (SAT Patch Number 5344)
This update brings Apache to version 2.2.12. The main reason is the enablement of the Server Name Indication (SNI) that allows several SSL-enabled domains on one IP address (FATE311973). See the SSLStrictSNIVHostCheck directive as documented in /usr/share/apache2/manual/mod/mod_ssl.html.en Also the...
Family Connections CMS 2.5.02.7.1 - less.php Remote Command Execution
Family Connections CMS 2.5.02.7.1 - less.php Remote Command Execution $theme = isset$argv1 ? $argv1 : 'default'; system"clear"; if fileexists"$dir/themes/$theme/style.css" echo "\n themes/$theme/style.css already exists.\n\n"; echo "Overwrite y/n ? "; $handle = fopen "php://stdin","r"; $line =...