
882 matches found

Tenable Nessus
added 2011/02/11 12:0 a.m. | 25 views

Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities

Binary data 5789.pasl...

CVSS 1.2 | AI score 5.2 | EPSS 0.00304
Exploits: 1 | References: 2

securityvulns
added 2011/01/26 12:0 a.m. | 34 views

phpMyAdmin 3.4.x, 3.4.0 beta 2 <= Stored Cross Site Scripting (XSS) Vulnerability

phpMyAdmin 3.4.x, 3.4.0 beta 2 <= Stored Cross Site Scripting (XSS) Vulnerability. 1. OVERVIEW The phpMyAdmin web application 3.4.0...

AI score 0.5
Exploits: 0

NVD
added 2010/11/26 8:0 p.m. | 11 views

CVE-2010-4312

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...

CVSS 6.4 | AI score 4.3 | EPSS 0.01735
Exploits: 0 | References: 1

Prion
added 2010/11/26 8:0 p.m. | 9 views

Default configuration

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...

CVSS 6.4 | AI score 6.9 | EPSS 0.01735
Exploits: 0 | References: 1 | Affected Software: 1

UbuntuCve
added 2010/11/26 8:0 p.m. | 25 views

CVE-2010-4312

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...

CVSS 6.4 | AI score 6.3 | EPSS 0.01735
Exploits: 0 | References: 2

Cvelist
added 2010/11/26 7:0 p.m. | 20 views

CVE-2010-4312

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...

AI score 4.2 | EPSS 0.01735
Exploits: 0 | References: 1

CVE
added 2010/11/26 7:0 p.m. | 69 views

CVE-2010-4312

CVE-2010-4312 affects Apache Tomcat 6.x; the default configuration omits the HTTPOnly flag in Set-Cookie headers, enabling remote session hijacking via script access to cookies. This vulnerability is tied to the standard Tomcat 6.x deployment and is described as a cookie security flag omission th...

CVSS 6.4 | AI score 4.4 | EPSS 0.01735
Exploits: 0 | References: 1 | Affected Software: 1

Packet Storm
added 2010/11/05 12:0 a.m. | 22 views

Angel LMS 7.3 Cross Site Scripting

I have discovered a security exploit in Angel LMS 7.3 "Colleges and universities worldwide choose the ANGEL LMS to deliver powerful online teaching and learning experiences. ANGEL provides the comprehensive LMS features institutions need in a simple interface that promotes adoption. A recognized...

AI score 0.1
Exploits: 0

Tenable Nessus
added 2010/08/25 12:0 a.m. | 14 views

Web Application Session Cookies Not Marked HttpOnly

The remote web application uses cookies to track authenticated users. However, one or more of those cookies are not marked 'HttpOnly', meaning that a malicious client-side script such as JavaScript could read them. 'HttpOnly' is a security mechanism to protect against cross-site scripting attacks...

AI score 5.2
Exploits: 0 | References: 2

Tenable Nessus
added 2010/06/22 12:0 a.m. | 17 views

Atlassian JIRA 4.1.x < 4.1.2 Multiple Vulnerabilities

According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is 4.1.x prior to 4.1.2. It is, therefore, potentially affected by multiple vulnerabilities : - Multiple cross-site scripting vulnerabilities exist involving the URL query string passed to...

AI score 5.2
Exploits: 0 | References: 1

NVD
added 2009/11/13 3:30 p.m. | 10 views

CVE-2009-3566

McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability...

CVSS 4.3 | AI score 5.7 | EPSS 0.05123
Exploits: 3 | References: 9

Prion
added 2009/11/13 3:30 p.m. | 14 views

Cross site scripting

McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability...

CVSS 4.3 | AI score 6.1 | EPSS 0.05123
Exploits: 3 | References: 9 | Affected Software: 1

Cvelist
added 2009/11/13 3:0 p.m. | 18 views

CVE-2009-3566

McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability...

AI score 5.7 | EPSS 0.05123
Exploits: 3 | References: 9

CVE
added 2009/11/13 3:0 p.m. | 53 views

CVE-2009-3566

The CVE-2009-3566 issue affects McAfee IntruShield Network Security Manager (NSM) prior to 5.1.11.8.1, where the session ID cookie is issued without the HttpOnly flag, enabling an XSS-based theft of the session cookie and potential remote session hijacking. Source material indicates the vulnerabi...

CVSS 4.3 | AI score 5.7 | EPSS 0.05123
Exploits: 3 | References: 9 | Affected Software: 1

Exploit DB
added 2009/11/06 12:0 a.m. | 16 views

McAfee Network Security Manager 5.1.7 - Information Disclosure

source: https://www.securityfocus.com/bid/37004/info McAfee Network Security Manager is prone to an information-disclosure vulnerability because it fails to properly protect sensitive cookie data with the 'HTTPOnly' protection mechanism. A successful exploit may allow attackers to steal...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2009/09/24 12:0 a.m. | 58 views

SuSE9 Security Update : Epiphany (YOU Patch Number 12326)

The Mozilla Browser received backports for security problems in 1.8.1.14. The following security issues were fixed : - Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary...

CVSS 10 | AI score 8.6 | EPSS 0.06165
Exploits: 0 | References: 16

Tenable Nessus
added 2009/07/21 12:0 a.m. | 38 views

openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-382)

The Mozilla XULRunner engine was updated to version 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin...

CVSS 10 | AI score 8.6 | EPSS 0.06165
Exploits: 0 | References: 9

Tenable Nessus
added 2009/07/21 12:0 a.m. | 51 views

openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-383)

The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used t...

CVSS 10 | AI score 8.6 | EPSS 0.06165
Exploits: 0 | References: 9

Tenable Nessus
added 2009/07/21 12:0 a.m. | 244 views

openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-383)

The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used t...

CVSS 10 | AI score 8.6 | EPSS 0.06165
Exploits: 0 | References: 9

Tenable Nessus
added 2009/07/21 12:0 a.m. | 38 views

openSUSE Security Update : MozillaFirefox (MozillaFirefox-381)

The Mozilla Firefox browser was updated to version 3.0.5, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher mozbugra4 reported vulnerabilities in the session-restore feature by which content...

CVSS 10 | AI score 8.8 | EPSS 0.06165
Exploits: 0 | References: 12