631 matches found
Intercepting proxy servers may incorrectly rely on HTTP headers to make connections
Overview Proxy servers running in interception mode "transparent" proxies that make connection decisions based on HTTP header values may be used by an attacker to relay connections. Description HTTP Host Headers are defined in RFC 2616 and are often used to by web servers to allow multiple websit...
EFS encryption techniques of conceptual analysis and a decryption pass-vulnerability warning-the black bar safety net
EFSEncrypting File System, Encrypting File Systemencryption is based on the NTFS disk art encryption technology. EFS encryption is based on Public Key Policies. Using EFS to encrypt a file or folder, the system will first generate a pseudo-random number consisting of a FEKFile Encryption Key file...
GLSA-200704-17 : 3proxy: Buffer overflow
The remote host is affected by the vulnerability described in GLSA-200704-17 3proxy: Buffer overflow The 3proxy development team reported a buffer overflow in the logurl function when processing overly long requests. Impact : A remote attacker could send a specially crafted transparent request to...
3proxy buffer overflow
Buffer overflow on parsing transparent HTTP proxy request...
Spoofing using custom cursor and CSS3 hotspot — Mozilla
David Eckel reported that browser UI elements--such as the host name and security indicators--could be spoofed by using a large, mostly transparent, custom cursor and adjusting the CSS3 hotspot property so that the visible part of the cursor floated outside the browser content area...
Technical note: under some conditions, it's possible to steal HTTP credentials using Flash
Technical note: under some conditions, it's possible to steal HTTP credentials using Flash requires IE + some transparent proxies or virtual hosting The method described here is pretty simple. It works though only on HTTP not HTTPS credentials. Also, it works only when the client browses using IE...
Governs the granting of leave true when True also false-the“real”IP security risks-vulnerability warning-the black bar safety net
Let us look at the ASP code first: Function getIP Dim strIPAddr as string If Request. ServerVariables"HTTPXFORWARDEDFOR" = "" OR InStrRequest. ServerVariables"HTTPXFORWARDEDFOR", "unknown" 0 Then strIPAddr = Request. ServerVariables"REMOTEADDR" ElseIf InStrRequest...
Governs the granting of leave true when True also false—the“real”IP brings security risks-vulnerability warning-the black bar safety net
Author: lake2, http://lake2.0x54.org Let us look at the ASP code first: | Function getIP Dim strIPAddr as string If Request. ServerVariables"HTTPXFORWARDEDFOR" = "" OR InStrRequest. ServerVariables"HTTPXFORWARDEDFOR", "unknown" 0 Then strIPAddr = Request. ServerVariables"REMOTEADDR" ElseIf...
Default configuration
The transparent proxy feature of the Cisco Application Velocity System AVS 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143...
CVE-2006-2322
The transparent proxy feature of the Cisco Application Velocity System AVS 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143...
CVE-2006-2322
The CVE-2006-2322 entry describes a vulnerability in Cisco Application Velocity System (AVS) where the default configuration of AVS 3110 (versions 5.0 and 4.0 and earlier) and AVS 3120 (5.0.0 and earlier) allows remote attackers to proxy arbitrary TCP connections via the transparent proxy feature...
CVE-2006-2322
The transparent proxy feature of the Cisco Application Velocity System AVS 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143...
Cisco Application Velocity System TCP port relaying
Default configuration allows any TCP port to be accessed with transparent HTTP proxy request...
Ubuntu 4.10 / 5.04 / 5.10 : mozilla-firefox, firefox vulnerabilities (USN-271-1)
Web pages with extremely long titles caused subsequent launches of Firefox browser to hang for up to a few minutes, or caused Firefox to crash on computers with insufficient memory. CVE-2005-4134 Igor Bukanov discovered that the JavaScript engine did not properly declare some temporary variables...
CVE-2006-1736
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes...
Downloading executables with "Save Image As..." — Mozilla
By layering a transparent image link to an executable on top of a visible and presumably desirable image a malicious site might be able to convince some visitors to right-click and choose "Save image as..." from the context menu and fool them by giving them the executable instead. When the users...
NuFW transparent firewall DoS
Service crash on packet parsing, hangs on TLS traffic flood...
Buffer overflow
Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTHALTERSESSION attribute in the authentication phase of t...
Oracle Transparent Data Encryption master encryption key stored as plaintext
Overview Oracle Transparent Data Encryption master encryption key is stored as plaintext, which could allow an attacker to decrypt and read sensitive information within the database. Description Transparent Data Encryption TDE According to Oracle, Transparent Data Encryption "allows customers to...
CVE-2006-0270
Unspecified vulnerability in the Transparent Data Encryption TDE Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without...