332 matches found
[SECURITY] Fedora 21 Update: libidn-1.31-1.fc21
GNU Libidn is an implementation of the Stringprep, Punycode and IDNA specifications defined by the IETF Internationalized Domain Names IDN working group, used for internationalized domain names...
HackerOne: Homograph Attack
Hello HackerOne, Fix of Report 29491 and 58612 is incomplete. I found another way to replicate homograph attack using Hex Code: www.%00ebаy.com www.%01ebаy.com www.%02ebаy.com www.%03ebаy.com www.%04ebаy.com www.%05ebаy.com www.%06ebаy.com www.%07ebаy.com www.%08ebаy.com www.%0Bebаy.com...
HackerOne: Homograph attack
Hello! I would like to report that fix of report 29491 is incomplete. There is another way to reproduce homograph attack: or IDNs are displayed in unicode and there is no encoding into Punycode on external link warning page Thanks! - Matvejs...
SOL16472 - glibc vulnerability CVE-2013-7424
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
HackerOne: homograph attack. IDNs displayed in unicode in bug reports and on external link warning page
The IDN: http://ebаy.com/ is a homograph for the Latin ebay.com. If you click that first link, you might think that you are going to ebay.com. In fact, you are going to a homograph URL http://xn--eby-7cd.com/ more info http://www.chromium.org/developers/design-documents/idn-in-google-chrome more...
PHP IDNA Convert 0.8.0 Cross Site Scripting Vulnerability
Cross-site scripting XSS vulnerability in parameters encoded/decoded in the class PHP IDNA Convert allows remote attackers to inject arbitrary web script or HTML. PHP IDNA Convert Cross-site scripting XSS Vendor product description PHP NetIDNA is a class to convert between the Punycode and Unicod...
[IBliss Security Advisory] Cross-site scripting (XSS) in PHP IDNA Convert
PHP IDNA Convert Cross-site scripting XSS Vendor product description PHP NetIDNA is a class to convert between the Punycode and Unicode formats. Punycode is a standard described in RFC 3492 and part of IDNA Internationalizing Domain Names in Applications RFC3490. This class allows PHP scripts to...
PHP IDNA Convert 0.8.0 Cross Site Scripting
PHP IDNA Convert Cross-site scripting XSS Vendor product description PHP NetIDNA is a class to convert between the Punycode and Unicode formats. Punycode is a standard described in RFC 3492 and part of IDNA Internationalizing Domain Names in Applications RFC3490. This class allows PHP scripts to...
Certain characters may be used for domain name spoofing – Opera Security Advisories
Certain characters may be used for domain name spoofing – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Moderately severe Description Opera uses several approaches to prevent spoofing of internationalized domain names IDN with characters that look similar to each other. With...
Certain characters may be used for domain name spoofing
Opera uses several approaches to prevent spoofing of internationalized domain names IDN with characters that look similar to each other. With untrusted top-level domains, Opera prevents certain combinations of characters from being used in the same part of a domain name as each other, and should...
Mozilla Products IDN Spoofing (CVE-2005-0233)
The Internationalized Domain Names IDN standard defines specifications for the representation of domain names containing non-ASCII characters. The IDN standard has been developed to allow representation of Unicode domain names without depending on alterations to any network infrastructure...
CVE-2009-3049
Opera before 10.00 does not properly display all characters in Internationalized Domain Names IDN in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode...
Code injection
Opera before 10.00 does not properly display all characters in Internationalized Domain Names IDN in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode...
CVE-2009-3049
Opera before 10.00 has an IDN in the address bar display bug that can enable URL spoofing and phishing via Unicode/Punycode handling. The connected advisories/documentation confirm multiple CVEs (including CVE-2009-3049) tied to IDN spoofing vulnerabilities. Practical impact: remote attackers cou...
Opera may show some incorrect characters in the address bar
Some Unicode characters are treated incorrectly, which might cause international domain names that use them to be shown in the wrong format. Showing these addresses in Unicode instead of punycode could allow for limited address spoofing...
DEBIAN-CVE-2005-0238
The International Domain Name IDN support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks...
CVE-2005-0237
The International Domain Name IDN support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing...
CVE-2005-0238
The International Domain Name IDN support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks...