1359 matches found
Microsoft Brings HSTS to Windows 7 and 8.1
In the midst of a relatively light Patch Tuesday, Microsoft yesterday introduced an extra measure of security for users running Internet Explorer 11 on Windows 7 and Windows 8.1 machines: HSTS. Short for HTTP Strict Transport Security, HSTS is a browser header that forces any sessions sent over...
PT-2015-6227 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 4.1.2 Description: The issue allows remote attackers to inject arbitrary web script or HTML via a crafted character in a comment, potentially affecting WordPress installations that use MySQL without strict mode. Th...
Debian DSA-3238-1 : chromium-browser - security update
Several vulnerabilities were discovered in the chromium web browser. - CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. - CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. - CVE-2015-1237 Khalil Zhani discovered a use-after-fr...
The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the integrity and accessibility of protected information.
The vulnerability of the selinux-policy-strict-2.4.6 package of the Red Hat Enterprise Linux operating system can lead to a breach of the integrity and accessibility of protected information. This vulnerability can be exploited remotely...
Vulnerabilities of the Debian GNU/Linux operating system, which allow a remote attacker to compromise the integrity and accessibility of protected information
The multiple vulnerabilities in the selinux-policy-refpolicy-strict package of the Debian GNU/Linux operating system may lead to a violation of the integrity and accessibility of protected information. These vulnerabilities can be exploited remotely...
[SECURITY] [DSA 3238-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3238-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 26, 2015 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3238-1 (chromium-browser - security update)
Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. CVE-2015-1237 Khalil Zhani discovered a use-after-free iss...
DSA-3238-1 chromium-browser - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3238-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
UBUNTU-CVE-2015-1244
The URLRequest::GetHSTSRedirect function in urlrequest/urlrequest.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...
chromium-browser: HSTS bypass in WebSockets
The URLRequest::GetHSTSRedirect function in urlrequest/urlrequest.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...
Google Chrome < 42.0.2311.90 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities as referenced in the 201504stable-channel-update14 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attacke...
Google Chrome < 42.0.2311.90 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities as referenced in the 201504stable-channel-update14 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers...
ruby: permissive certificate verification
After reviewing RFC 6125 and RFC 5280, multiple violations were found of matching hostnames and particularly wildcard certificates. Rubys OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. In particular, matching ...
Ruby OpenSSL Hostname Verification
After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates. Ruby’s OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. In particular, matching o...
Ruby -- OpenSSL Hostname Verification Vulnerability
Ruby Developers report: After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates. Ruby’s OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. I...
CVE-2015-1090
CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security HSTS state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file...
itBit Exchange: ITBit Vulnerable to SSLSTrip
www.itbit.com details: High Level, description It is possible for a malicious user to capture credential information of a www.itbit.com user with the use of SSLStrip. The scenario is that if a user is in a internet cafe and browses the internet while a malicious user intercepts his traffic, the w...
UBUNTU-CVE-2015-0832
Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . dot character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.5...
Mao10CMS v3.0.2 储存型xss
简要描述: rt 详细说明: 过滤不严。 以官网为例。 社区发布新话题 成功加载了js 地址 http://www.mao10.com/post-1772.html 然后用户的cookie就来了。。。 漏洞证明:...