263 matches found

Debian CVE
added 2009/12/23 6:00 p.m. | 16 views

CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5 | AI score 3.3 | EPSS 0.00319
Exploits: 2

Packet Storm
added 2009/09/04 12:00 a.m. | 18 views

Zeroboard 4.1 pl7 Code Execution

/ poc by kyoungchip,jang email : [email protected] the bug - http://www.xpressengine.com/15955761 Application - Zeroboard 4.1 pl7 Reference: - http://www.nzeo.com - Zeroboard pregreplace vulnerability Remote nobody exploit by n0gada Target - My test server $ ./zbexpl...

Exploits: 0

Exploit DB
added 2009/04/21 12:00 a.m. | 23 views

Sun Java System Delegated Administrator 6.x - HTTP Response Splitting

source: https://www.securityfocus.com/bid/34643/info Sun Java System Delegated Administrator is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or misrepresent how web content is served,...

AI score 7
Exploits: 0

exploitpack
added 2009/04/21 12:00 a.m. | 13 views

Sun Java System Delegated Administrator 6.x - HTTP Response Splitting

Sun Java System Delegated Administrator 6.x - HTTP Response Splitting source: https://www.securityfocus.com/bid/34643/info Sun Java System Delegated Administrator is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can...

Exploits: 0

Prion
added 2009/01/06 5:30 p.m. | 16 views

Default credentials

The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity...

CVSS 10 | AI score 7.2 | EPSS 0.00947
Exploits: 0 | References: 3

CVE
added 2009/01/06 5:00 p.m. | 58 views

CVE-2008-5848

The CVE-2008-5848 entry concerns the Advantech ADAM-6000 module which ships with a default password of 00000000. This default credential enables remote attackers to gain access via an HTTP session and, from there, monitor or control the module’s Modbus/TCP I/O activity. The connected sources conf...

CVSS 10 | AI score 6.9 | EPSS 0.00947
Exploits: 0 | References: 3 | Affected Software: 14

Cvelist
added 2009/01/06 5:00 p.m. | 17 views

CVE-2008-5848

The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity...

AI score 6.7 | EPSS 0.00947
Exploits: 0 | References: 3

CVE
added 2008/12/05 11:00 a.m. | 87 views

CVE-2008-5343

Vulnerability GIFAR (CVE-2008-5343) affects Java Web Start (JWS) and Java Plug-in in Sun JDK/JRE 6u10 and earlier, JDK/JRE 5.0u16 and earlier, and SDK/JRE 1.4.2_18 and earlier. A crafted file that validates as both GIF and Java JAR can allow remote attackers to make unauthorized network connectio...

CVSS 9 | AI score 7.3 | EPSS 0.05036
Exploits: 1 | References: 35 | Affected Software: 3

Prion
added 2008/07/14 11:41 p.m. | 9 views

Cross site scripting

Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking."...

CVSS 6.8 | AI score 7.2 | EPSS 0.00582
Exploits: 0 | References: 5

Prion
added 2008/07/14 11:41 p.m. | 25 views

Cross site scripting

Microsoft Internet Explorer allows web sites to set cookies for domains that have a public suffix with more than one dot character, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." NOTE: this issue may exist becaus...

CVSS 6.8 | AI score 6.6 | EPSS 0.14378
Exploits: 0 | References: 3

NVD
added 2008/07/14 11:41 p.m. | 19 views

CVE-2008-3173

Microsoft Internet Explorer allows web sites to set cookies for domains that have a public suffix with more than one dot character, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." NOTE: this issue may exist becaus...

CVSS 6.8 | AI score 6.3 | EPSS 0.14378
Exploits: 0 | References: 3

CVE
added 2008/07/14 11:00 p.m. | 61 views

CVE-2008-3170

Technical details about CVE-2008-3170 are not publicly available in the provided connected documents; monitor for updates.

CVSS 6.8 | AI score 6.1 | EPSS 0.01581
Exploits: 1 | References: 9 | Affected Software: 1

securityvulns
added 2008/07/09 12:00 a.m. | 82 views

Microsoft Security Bulletin MS08-039 – Important Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)

Microsoft Security Bulletin MS08-039 – Important Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege 953747 Published: July 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in...

CVSS 4.3 | EPSS 0.24335
Exploits: 2

securityvulns
added 2007/10/23 12:00 a.m. | 41 views

Citrix Access Gateway information leak

The HTTP session cookie is passed through HTTP GET request parameters, making it possible to leak its value through the Referer: field or in the browsing history...

AI score 1.6
Exploits: 0 | References: 1 | Affected Software: 2

myhack58
added 2007/01/23 12:00 a.m. | 18 views

Who control our browser-vulnerability warning-the black bar safety net

1. Phenomenon: Since about the beginning of this year, many people have found that when browsing some websites, the address bar URL somehow gets "?curtime=xxxxxxxxxx" appended (where x is a digit), and an advertising window pops up. Many people think this is the site's own pop-up advertising, also di...

AI score 6.8
Exploits: 0

myhack58
added 2006/07/12 12:00 a.m. | 14 views

Cross-site achieve HTTP session hijacking-vulnerability warning-the black bar safety net

A Web application has two ways to identify and keep track of different users: a Cookie or a Session (also called a session Cookie). The Cookie is stored on the local computer and its expiration time is very long, so attacks against the Cookie generally steal the user's Cookies and...

AI score 6.6
Exploits: 0

FreeBSD
added 2005/06/29 12:00 a.m. | 28 views

clamav -- MS-Expand file handling DoS vulnerability

An iDEFENSE Security Advisory reports: Remote exploitation of an input validation error in Clam AntiVirus ClamAV allows attackers to cause a denial of service condition. The vulnerability specifically exists due to improper behavior during exceptional conditions. Successful exploitation allows...

CVSS 5 | AI score 6.3 | EPSS 0.00739
Exploits: 0 | References: 1

Cvelist
added 2005/05/10 4:00 a.m. | 14 views

CVE-2004-0462

The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server...

AI score 6.4 | EPSS 0.00282
Exploits: 0 | References: 2

Cvelist
added 2005/02/13 5:00 a.m. | 17 views

CVE-2004-1478

JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session...

AI score 6.7 | EPSS 0.07163
Exploits: 0 | References: 6

NVD
added 2004/12/31 5:00 a.m. | 11 views

CVE-2004-1478

JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session...

CVSS 7.5 | AI score 6.7 | EPSS 0.07163
Exploits: 0 | References: 6