738 matches found
Authentication flaw
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file...
CVE-2014-1664
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file...
CVE-2014-1664
The CVE-2014-1664 entry concerns Citrix GoToMeeting for Android version 5.0.799.1238, which logs HTTP requests containing sensitive data. The underlying issue is information disclosure via logs read by other Android apps with system log access, enabling leakage of user IDs, meeting details, and a...
GoToMeeting Information Disclosure
ADVISORY INFORMATION ======================== Title: GoToMeeting Information Disclosure via Logging Output Android CVE: CVE-2014-1664 CVE Information: ASSIGNED Date published: PUBLIC Date of last update: 01/23/2014 Vendor Contacted: Citrix Release mode: Coordinated Release 2. VULNERABILITY...
CVE-2013-5054
Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability."...
Design/Logic Flaw
Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability."...
CVE-2013-5054
CVE-2013-5054 affects Microsoft Office 2013 and 2013 RT. The vulnerability is an information disclosure where remote attackers can gain authentication tokens by exploiting a flaw in how Office handles specially crafted responses to file-open requests on a malicious website. The issue is described...
VulnCheck KEV: CVE-2013-5054
Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability."...
Quick Paypal Payments 3.0 - Persistent XSS (0day)
Exploit for php platform in category web applications TITLE ===== Quick Paypal Payments - Persistent Cross Site Scripting Vulnerability AUTHOR ====== Zy0d0x BLOG ==== https://zy0d0x.com DATE ==== 10/08/2013 VENDOR ====== Quick Plugins - http://quick-plugins.com/ AFFECTED PRODUCT ================...
Mozilla: Content Security Policy 1.0 implementation errors cause data leakage (MFSA 2012-53)
The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violatio...
Face.com Fixes Flaw to Prevent Facebook and Twitter Hijacks
A significant flaw in the Face.com mobile application KLIK has been fixed to prevent Facebook and Twitter users from having their accounts hijacked. KLIK is a camera app that uses face recognition to tag friends in Facebook photos in real time. It also apparently granted access to KLIK users’...
Android phones vulnerable to hackers!
Android phones vulnerable to hackers! Handsets using Google's operating system can allow hackers to access calendars, contacts and private pictures, they claim. Only the latest phones have had the data leak plugged, meaning 99.7 per cent of Android handsets are vulnerable. 'We wanted to know if ...
Twitter needs a top-down security rethink
Twitter co-founder Biz Stone says the company “takes security very seriously” but the details behind the micro-blogging site’s recent hack show that Twitter is light years away from having the most basic security controls in place. French hacker gains access to Twitter’s admin panel Here’s the...
[Full-disclosure] SEC Consult SA-20051202-1 :: GMX Webmail XSS
========================================================== SEC-CONSULT Security Advisory 20051202-0 GMX / MSIE XSS ========================================================== Product: GMX Webmail V ?.? in combination with MSIE maybe other browsers Remarks: no other Versions tested but very likely...
CVE-2005-0358
EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token...
CVE-2005-2306
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users...