
263 matches found

OpenVAS
added 2012/02/21 12:0 a.m. | 18 views

Google Chrome 'HTTP session' Information Disclosure Vulnerability - Linux

Google Chrome is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS | 5.7 AI score | 0.00461 EPSS
Exploits 0 | References 3

OpenVAS
added 2012/02/21 12:0 a.m. | 22 views

Google Chrome 'HTTP session' Information Disclosure Vulnerability (MAC OS X)

The host is installed with Google Chrome and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbgooglechromehttpsessioninfodiscvulnmacosx.nasl 6521 2017-07-04 14:51:10Z cfischer $ Google Chrome 'HTTP session' Information Disclosure Vulnerability MAC OS X Authors:...

5 CVSS | 9 AI score | 0.00461 EPSS
Exploits 0 | References 2

UbuntuCve
added 2012/02/16 8:55 p.m. | 19 views

CVE-2011-3022

translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network...

5 CVSS | 7.2 AI score | 0.00461 EPSS
Exploits 0 | References 1

Cvelist
added 2012/02/16 8:0 p.m. | 18 views

CVE-2011-3022

translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network...

5.5 AI score | 0.00461 EPSS
Exploits 0 | References 6

Debian CVE
added 2012/02/16 8:0 p.m. | 53 views

CVE-2011-3022

Removed by vendor...

5 CVSS | 9.4 AI score | 0.00461 EPSS
Exploits 0

CVE
added 2012/02/16 8:0 p.m. | 56 views

CVE-2011-3022

CVE-2011-3022 affects Google Chrome (translation feature): the vulnerable code path is in translate/translate_manager.cc, where an HTTP session used for translation could leak information to an eavesdropper. The vulnerability is described as an information disclosure via the HTTP session. Affecte...

5 CVSS | 5.7 AI score | 0.00461 EPSS
Exploits 0 | References 6 | Affected Software 1

Prion
added 2011/12/16 11:55 a.m. | 11 views

Design/Logic Flaw

The Server Administration Panel in Parallels Plesk Panel 10.2.0build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies us...

5 CVSS | 7 AI score | 0.0025 EPSS
Exploits 0 | References 2 | Affected Software 1

Prion
added 2011/12/16 11:55 a.m. | 11 views

Design/Logic Flaw

The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by help.php a...

4.3 CVSS | 7 AI score | 0.0025 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2011/12/16 11:0 a.m. | 23 views

CVE-2011-4728

The Server Administration Panel in Parallels Plesk Panel 10.2.0build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies us...

6.5 AI score | 0.0025 EPSS
Exploits 0 | References 2

Packet Storm
added 2011/10/04 12:0 a.m. | 24 views

SonicWall NSA 4500 Cross Site Scripting / Session Hijacking

While pentesting a WIFI network on a customer, we found some vulnerabilities in the SonicWall NSA 4500. You can find details here: http://www.pentest.es/vulnssonicpoint.txt -------------------------------------------------- Title: ====== SonicWall products with incompatible MAC spoofing...

0.6 AI score
Exploits 0

securityvulns
added 2011/10/04 12:0 a.m. | 25 views

Multiple vulnerabilities in SonicWall

While pentesting a WIFI network on a customer, we found some vulnerabilities in the SonicWall NSA 4500. You can find details here: http://www.pentest.es/vulnssonicpoint.txt -------------------------------------------------- Title: ====== SonicWall products with incompatible MAC spoofing...

Exploits 0

NVD
added 2011/06/14 5:55 p.m. | 15 views

CVE-2011-1860

Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors...

5 CVSS | 6.6 AI score | 0.00986 EPSS
Exploits 0 | References 6

Cvelist
added 2011/06/14 5:0 p.m. | 20 views

CVE-2011-1860

Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors...

6.6 AI score | 0.00986 EPSS
Exploits 0 | References 6

CVE
added 2011/06/14 5:0 p.m. | 46 views

CVE-2011-1860

CVE-2011-1860 affects HP Service Manager (versions 7.02, 7.11, 9.20, 9.21) and HP Service Center 6.2.8. The vulnerability enables remote attackers to capture HTTP session credentials, via unspecified vectors, with a CVSSv2 base score of 5.0 (Network, Low complexity, no authentication, partial con...

5 CVSS | 6.8 AI score | 0.00986 EPSS
Exploits 0 | References 6 | Affected Software 2

securityvulns
added 2011/06/10 12:0 a.m. | 34 views

HP Service Manager / HP Service Center multiple security vulnerabilities

Unauthorized access, privilege escalation, information leakage, HTTP session hijack, cross-site scripting...

8.3 CVSS | 1.7 AI score | 0.01372 EPSS
Exploits 0 | References 1 | Affected Software 4

securityvulns
added 2011/06/10 12:0 a.m. | 54 views

[security bulletin] HPSBMA02674 SSRT100487 rev.1 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP Session Credential Re-use, Cross Site Scripting (XS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02863015 Version: 1 HPSBMA02674 SSRT100487 rev.1 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP...

8.3 CVSS | 0.1 AI score | 0.01372 EPSS
Exploits 0

Prion
added 2011/01/12 1:0 a.m. | 11 views

Default credentials

The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214...

7.5 CVSS | 7.1 AI score | 0.02034 EPSS
Exploits 3 | References 8 | Affected Software 1

NVD
added 2010/05/27 7:30 p.m. | 6 views

CVE-2010-0598

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt HTTP sessions from operator workstations, which allows remote attacker...

9.3 CVSS | 6.6 AI score | 0.0075 EPSS
Exploits 0 | References 5

Cvelist
added 2010/05/27 7:0 p.m. | 14 views

CVE-2010-0598

Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt HTTP sessions from operator workstations, which allows remote attacker...

6.5 AI score | 0.0075 EPSS
Exploits 0 | References 5

Prion
added 2009/12/23 6:30 p.m. | 19 views

Session fixation

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

5 CVSS | 6.8 AI score | 0.00319 EPSS
Exploits 2 | References 4 | Affected Software 1