1359 matches found
OracleVM 2.2 : ntp (OVMSA-2015-0002)
The remote OracleVM system is missing necessary patches to address critical security updates : - don't generate weak control key for resolver CVE-2014-9293 - don't generate weak MD5 keys in ntp-keygen CVE-2014-9294 - fix buffer overflows via specially-crafted packets CVE-2014-9295 - increase...
Fedora 20 : pyxdg-0.25-5.fc20 (2014-16357)
Fix CVE-2014-1624 pyxdg: TOCTOU race condition in getruntimedir when strict=False Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
OracleVM 2.2 : ntp (OVMSA-2009-0036)
The remote OracleVM system is missing necessary patches to address critical security updates : - fix DoS with mode 7 packets 532639, CVE-2009-3563 - compile with -fno-strict-aliasing %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleV...
Automattic: Missing HSTS header in https://app.simplenote.com
Hi, Vulnerable Website: https://app.simplenote.com I tested the website using firefox add-on called: Strict Transport Security Detector https://addons.mozilla.org/en-US/firefox/addon/strict-transport-security-d/ HSTS addresses the following threats: User bookmarks or manually types...
Factlink: Criptographic Issue: Strisct Transport Security with not good max age..(TOO SHORT!)
Issue: Strict Transport Security with too short max age. Description: Your site use a good "Strict Transport Security" but with short MAX AGE! Severity: See more information below. Proof of Concept by ssllabs.com 100% affidability: "Strict Transport Security HSTS Yes max-age=2592000 TOO SHORT les...
CVE-2013-3046
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests...
Design/Logic Flaw
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests...
Localize: Criptographic Issue: Strisct Transport Security with not good max age..(TOO SHORT!)
Hello again team of Localize! I have already reported this bug to the HackerOne team..and they fix it..not immediately, because it's low priority but they fix it! Report: https://hackerone.com/reports/3709 : Issue: Strict Transport Security with too short max age. Description: Your site use a goo...
WordPress 3.8.2 cookie forgery vulnerability analysis-vulnerability warning-the black bar safety net
0x00 background See the WordPress 3.8.2 patch analysis HMAC timing attack, the eye opener, the original can also use the time difference to determine the HMAC. But I think this vulnerability is not a simple fix to this problem. To view the official information provided by:“the vulnerability is fr...
HackerOne: Criptographic Issue: Strisct Transport Security with not good max age..(TOO SHORT!)
Hello team of HackerOne! I am Simone, and today I will report you a criptographic issue on your site! Issue: Strict Transport Security with too short max age. Description: Your site use a good "Strict Transport Security" but with short MAX AGE! Severity: See more information below. Proof of Conce...
Application there is a file include vulnerability Unix systems-vulnerability warning-the black bar safety net
Found time: Vulnerability type: a file that contains Belongs the establishment of the station program: other Belongs to the server type: General Belongs to the programming language: other Description: The target Unix system, the application may exist in the file containing the vulnerability. 1. T...
Debian Security Advisory DSA 2863-1 (libtar - directory traversal)
A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing to extract files in arbitrary path. An attacker can craft a tar file to override files beyond the tarextractglob an...
librsvg2 security update (updated 02/05/2014)
2.26.0-6.3 - Fix add-permission-check.patch to update all rsvgpixbufnewfromhref callers 2.26.0-6.1 - Fix build by linking in -lm - io: Implement strict network policy CVE-2013-1881 Resolves: 1049155 2.26.0-6 - Store node type separately in RsvgNode CVE-2011-3146 Resolves: 735267...
Tor Exit Relay Scanner: Exitmap
Tor is one of the best and freely available privacy software that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. An exit node, the final destination in the series of servers Tor users hop through...
Yahoo Encryption Slammed for Lack of Forward Secrecy, HSTS
Yahoo, as promised, rolled out HTTPs by default this week for its email service, bringing it in line with other Internet companies that have been securing users’ communication for years. But if Yahoo expected applause from security experts, it can think again. The response from those well-versed ...
PHP < 5.5.2 Session Fixation Vulnerability (Aug 2013)
PHP is prone to a session fixation vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...
ECSHOP latest cookie validation is not strict vulnerability-vulnerability warning-the black bar safety net
This vulnerability is what we in the non-authorization safety assessment when found. Is one ecshop station, by the conventional 0day broke the admin password, but can't open it. So you think, there is no possibility of the ciphertext md5 stored in the cookie to log in. Of course, the above...
Fedora 19 : bzr-2.5.1-11.fc19 (2013-9538)
Fixes CVE-2013-2099, maliciously crafted SSL certificate can cause a denial of service. - Builds the C extensions from the Cython source instead of the pregenerated C files. - Build without strict-aliasing on Fedora versions which have a bug in the python distutils module. - Install the...
Fedora 18 : bzr-2.5.1-11.fc18 (2013-9620)
Fixes CVE-2013-2099, maliciously crafted SSL certificate can cause a denial of service. - Builds the C extensions from the Cython source instead of the pregenerated C files. - Build without strict-aliasing on Fedora versions which have a bug in the python distutils module. - Install the...
Kerry friends of Science and technology cms upload vulnerability and fix-vulnerability warning-the black bar safety net
The program uses the upload page uploadfile. asp not be verified, leading to the establishment of malformations directory upload image the Trojans get a shell vulnerability. exp: the http://www.8090sec.com/admin/uploadfile.asp?uppath=mad.asp&upname=&uptext=form1. mad. asp His original Upload...