Google Adds Content Security Policy Support to Gmail
Google has added another layer of security for users of Gmail on the desktop, which now supports content security policy, a standard that’s designed to help mitigate cross-site scripting and other common Web-based attacks. CSP is a W3C standard that has been around for several years, and it’s bee...
CVE-2013-0515: IBM Sterling Secure Proxy insecure cookie
IBM Sterling Secure Proxy CVE-2013-0515 concerns session/sensitive cookies not always receiving the Secure attribute, allowing potential cookie hijacking on HTTP. Affected releases include Sterling Secure Proxy 3.4.1, 3.4.0, 3.3.01, and 3.2.0. Remediation per IBM is to apply the following fixes: ...
CVE-2013-0518
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
Information disclosure
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to obtain potentially...
Code injection
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2013-0519
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to obtain potentially...
CVE-2013-0520
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data...
CVE-2013-0520
CVE-2013-0520 affects IBM Sterling Secure Proxy: vulnerable in 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7. The issue allows remote authenticated users to obtain sensitive Java stack traces by sending invalid input. Remediation is ...
CVE-2013-0519
CVE-2013-0519 affects IBM Sterling Secure Proxy 3.2.0, 3.3.01 before 3.3.01.23 iFix 1, 3.4.0 before 3.4.0.6 iFix 1, and 3.4.1 before 3.4.1.7, where the web-server version is disclosed in (1) an unspecified page title and (2) an HTTP header, enabling remote disclosure of a version string. IBM reme...
CVE-2013-0518
IBM Sterling Secure Proxy is affected by CVE-2013-0518 (and related CVEs) where certain 3.2.0, 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 do not refuse rendering in third‑party frames, enabling clickjacking. Affected versions: SSP 3.2.0, 3....
VPSProxy (PHP Secure proxy + GUI)
PHP Secure proxy is a program for tunneling HTTP/HTTPS traffic through a PHP gate. I was prompted to write it by bons's idea, whose implementation lacked the functionality I needed and, most importantly, a GUI. Features + HTTPS support for PHP gates. + HTTPS traffic tunneling added in...
DEBIAN-CVE-2007-5034
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...