
51 matches found

OpenVAS
added 2018/01/24 12:0 a.m. | 46 views

Mozilla Firefox Security Advisories (MFSA2018-02, MFSA2018-03) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

CVSS: 10 | AI score: 7.8 | EPSS: 0.20024
Exploits: 0 | References: 1
Tenable Nessus
added 2017/03/31 12:0 a.m. | 17 views

HTTP TRACE Allowed

The HTTP TRACE method allows a client to send a request to the server, and have the same request sent back in the server's response. This allows the client to determine if the server is receiving the request as expected. Often this method is used for debugging purposes e.g. to verify that a reque...

AI score: 6.5
Exploits: 0 | References: 2
OSV
added 2016/12/11 2:59 a.m. | 7 views

CVE-2016-9848

An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

CVSS: 5.3 | AI score: 9.3
Exploits: 0 | References: 3
Hacker One
added 2016/08/25 5:31 p.m. | 26 views

HackerOne: Session hijacking attack

Hi you have Session hijacking attack https://www.owasp.org/index.php/Sessionhijackingattack Yes, you use HttpOnly cookie, but in older browsers bypass such restrictions exist, that does not prevent in theory find this in the future. As you update the site on a daily basis and it is possible to...

AI score: 0.4
Exploits: 0
Hacker One
added 2016/02/08 3:39 p.m. | 15 views

Zomato: XSS via modified Zomato widget (res_search_widget.php)

Table of Contents: 1. Short Description of Security Issue 2. Proof of Concept 1. Short Description of Security Issue The widget API endpoint at https://www.zomato.com/widgets/res_search_widget.php is vulnerable to XSS in the languageid parameter. An attacker can create a web page that includes a...

Exploits: 0
CNVD
added 2015/06/05 12:0 a.m. | 2 views

Multiple Blue Coat Systems SSL Visibility Appliance Product Sensitive Information Vulnerabilities

Blue Coat Systems SSL Visibility Appliance SV800 and others are SSL visibility appliances from Blue Coat Systems, USA, which are at the heart of encrypted traffic management, providing visibility into SSL traffic and supporting the addition of SSL inspection capabilities to advanced threat...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.01419
Exploits: 0 | References: 1
seebug.org
added 2015/02/02 12:0 a.m. | 18 views

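eYou mail system stored XSS in message body, part 2 (with proof of eYou XSS impact)

Brief description: Something new, affects Chrome. While testing this XSS I found a very serious HttpOnly cookie leak, which lets the message-body XSS obtain all of the user's cookies and log in. Detailed description: Something new, affects Chrome. While testing this XSS I found a very serious HttpOnly cookie leak, which lets the message-body XSS obtain all of the user's cookies and log in. PoC included. (There are several reports on wooyun about eYou message-body XSS, and your responses were all "a solution already exists" or "known issue, thanks for the report". Yet I tested the mail systems of several universities and none of them had been fixed; it feels like you are kidding me.....) Proof of vulnerability:...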

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 32 views

SimpleRisk 20130915-01 - Multiple Vulnerabilities

No description provided by source. 1. Advisory Information Title: SimpleRisk v.20130915-01 CSRF-XSS Account Compromise Advisory ID: RS-2013-0001 Date Published: 2013-09-30 2. Vulnerability Information Type: Cross-Site Request Forgery CSRF CWE-352, OWASP-A8, Cross-Site Scripting XSS CWE-79, OWASP-...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.01987
Exploits: 7
Check Point Advisories
added 2012/05/14 12:0 a.m. | 11 views

Apache HTTPD Error Code 400 httpOnly Cookie Handling Information Disclosure (CVE-2012-0053)

An information disclosure vulnerability has been reported in Apache HTTPD server...

AI score: 8 | EPSS: 0.82756
Exploits: 4
Tenable Nessus
added 2011/02/23 12:0 a.m. | 10 views

Web Server HttpOnly Cookies Not In Use

Binary data 5799.prm...

AI score: 7.3
Exploits: 0 | References: 2
securityvulns
added 2009/01/18 12:0 a.m. | 40 views

[BMSA-2009-01] Authentication bypass in Interspire Shopping Cart v4.0.1 and below

BLUE MOON SECURITY ADVISORY 2009-01 =================================== :Title: Authentication bypass in Interspire Shopping Cart :Severity: Critical :Reporter: Truong Van Tri and Blue Moon Consulting :Products: Interspire Shopping Cart v4.0.1 Ultimate edition :Fixed in: v4.0.2 Description...

AI score: 7.1
Exploits: 0