FS-NyarL - Network Takeover & Forensic Analysis Tool

NyarL it's Nyarlathotep, a mitological chaotic deity of the writer HP. Lovecraft's cosmogony. It's represent Crawling Chaos and FS-NyarL it's The Crawling Chaos of Cyber Security :- A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun and profit - but use it at...

CVE-2014-2871

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network...

Design/Logic Flaw

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network...

[FS-NyarL] A network takeover & forensic analysis tool

NyarL it's Nyarlathotep, a mitological chaotic deity of the writer HP. Lovecraft's cosmogony. It's represent Crawling Chaos and FS-NyarL it's The Crawling Chaos of Cyber Security :- A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun and profit - but use it at...

CVE-2013-4964

Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVE-2013-4964

Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVE-2013-2242

mod/chat/guisockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access...

CVE-2013-0529

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

Authentication flaw

IBM WebSphere Application Server WAS Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session...

CVE-2013-0540

IBM WebSphere Application Server WAS Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session...

CVE-2012-5368

phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting XSS attacks by modifying this code...

Cross site scripting

phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting XSS attacks by modifying this code...

Security Advisory-HTTP Session Management Vulnerability in HTTP Module

Branch Intelligent Management System BIMS and Web management is provided by Huawei for network and device management. Both BIMS and Web management use HTTP. Therefore, to use BIMS and Web management, you must enable HTTP. Because HTTP session ID generation is weak and predictable, an attacker can...

CVE-2012-1288

The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session...

Hardcoded credentials

The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session...

CVE-2012-1288

The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session...

Google Chrome 'HTTP session' Information Disclosure Vulnerability (Windows)

The host is installed with Google Chrome and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbgooglechromehttpsessioninfodiscvulnwin.nasl 5963 2017-04-18 09:02:14Z teissa $ Google Chrome 'HTTP session' Information Disclosure Vulnerability Windows Authors: Madhur...

Google Chrome 'HTTP session' Information Disclosure Vulnerability (Linux)

The host is installed with Google Chrome and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbgooglechromehttpsessioninfodiscvulnlin.nasl 6521 2017-07-04 14:51:10Z cfischer $ Google Chrome 'HTTP session' Information Disclosure Vulnerability Linux Authors: Madhur...

Google Chrome 'HTTP session' Information Disclosure Vulnerability - Windows

Google Chrome is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Google Chrome 'HTTP session' Information Disclosure Vulnerability - Mac OS X

Google Chrome is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...