
3266 matches found

Positive Technologies
added 2015/05/12 12:0 a.m. · 2 views

PT-2015-5470 · Pcs +2

Name of the Vulnerable Software and Affected Versions: PCS versions 0.9.137 and earlier. Description: The issue concerns the pcs daemon (pcsd) in PCS, which fails to set the secure flag for a cookie in an https session. This oversight makes it easier for remote attackers to capture the cookie by...

6.8 CVSS · 6 AI score · 0.0121 EPSS
Exploits: 1 · References: 24
Mozilla
added 2015/05/12 12:0 a.m. · 2985 views

Untrusted site hosting trusted page can intercept webchannel responses — Mozilla

Mozilla developer Mark Hammond reported a flaw in how WebChannel.jsm handles message traffic. He found that when a trusted page is hosted within an iframe on an untrusted third-party framing page, the untrusted page could intercept webchannel responses meant for the trusted page, bypassing...

4.3 CVSS · 8.8 AI score · 0.00118 EPSS
Exploits: 0 · References: 3 · Affected Software: 3
CNVD
added 2015/05/07 12:0 a.m. · 2 views

Zhejiang Dahua camera has authentication vulnerability

Zhejiang Dahua Technology Co., Ltd. is a leading supplier of surveillance products and solution service providers, providing leading video storage, front-end, display control and intelligent transportation series of products for the world. A man-in-the-middle attack-based authentication...

6.9 AI score
Exploits: 0
CNVD
added 2015/05/07 12:0 a.m. · 3 views

Siemens HomeControl for Room Automation for Android SSL Certificate Man-in-the-Middle Attack Vulnerability

Siemens HomeControl for Room Automation for Android is an Android-based home automation control software. Siemens HomeControl for Room Automation for Android fails to properly validate X.509 certificates, which allows spoofing of TLS/SSL servers via forged certificates and can be exploited by...

5.4 CVSS · 6.9 AI score · 0.00052 EPSS
Exploits: 0 · References: 1
BDU FSTEC
added 2015/05/07 12:0 a.m. · 3 views

The vulnerability of Google Chrome browser allows a malicious intruder to gain access to protected information.

The vulnerability in Google Chrome's URLRequest::GetHSTSRedirect function in url_request/url_request.cc is that the ws scheme is not replaced with wss when the HSTS policy (a mechanism for enforcing HTTPS use) is in effect. As a result, attackers who monitor traffic can gain access to protected...

5 CVSS · 8 AI score · 0.0111 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
CNVD
added 2015/05/07 12:0 a.m. · 3 views

Grindr for iOS Session Token Remote Password Manipulation Vulnerability

Grindr for iOS is a GPS-based mobile app. A security vulnerability in the Grindr for iOS reset password feature allows attackers to intercept session tokens, change email values, and reset passwords...

6.9 AI score
Exploits: 0 · References: 1
ThreatPost
added 2015/05/06 10:36 a.m. · 12 views

Google Research Reveals Profitable, Pervasive Ad Injector Ecosystem

More than five percent of all unique IP addresses accessing Google sites included some kind of ad injector software, and there are more than 50,000 of those injector browser extensions in use today, according to new research from Google. The company conducted the research over the course of sever...

0.3 AI score
Exploits: 0 · References: 4
myhack58
added 2015/04/28 12:0 a.m. · 22 views

novnc session hijacking vulnerability-vulnerability warning-the black bar safety net

Affected system: github noVNC 0.5. Description: CVE (CAN) ID: CVE-2013-7436. noVNC is a browser-based VNC client implemented with HTML5 Canvas and WebSockets. Versions of noVNC before 0.5 do not, in an https session...

0.8 AI score
Exploits: 0
RedHat Linux
added 2015/04/23 1:4 p.m. · 0 views

novnc: session hijack through insecurely set session token cookies

It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack...

4.3 CVSS · 5.8 AI score · 0.00614 EPSS
Exploits: 0 · References: 4
myhack58
added 2015/04/18 12:0 a.m. · 19 views

Is this a vulnerability? Researchers accuse Match, the world's largest dating site, of not using HTTPS on its login page - bug warning - the black bar safety net

American researcher Scott Bryner pointed out that the login page of Match.com, the world's largest dating website, for some reason switches from HTTPS to HTTP, which means that user passwords are transmitted without encryption, and that this problem has existed for weeks without anyone paying attention...

6.9 AI score
Exploits: 0
n0where
added 2015/04/16 3:24 p.m. · 519 views

Android IMSI-Catcher Detector: AIMSICD

AIMSICD is an app to detect IMSI-Catchers. IMSI-Catchers are false mobile towers (base stations) acting between the target mobile phones and the real towers of service providers. As such they are considered a Man-In-The-Middle (MITM) attack. In the USA the IMSI-Catcher technology is known under the...

1.1 AI score
Exploits: 0 · References: 14
RedHat Linux
added 2015/04/16 1:53 p.m. · 0 views

novnc: session hijack through insecurely set session token cookies

It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack...

4.3 CVSS · 5.8 AI score · 0.00614 EPSS
Exploits: 0 · References: 4
CERT
added 2015/04/13 12:0 a.m. · 108 views

Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL

Overview Software running on Microsoft Windows that utilizes HTTP requests can be forwarded to a file:// protocol on a malicious server, which causes Windows to automatically attempt authentication via SMB to the malicious server in some circumstances. The encrypted form of the user's credentials...

7.4 CVSS · 8 AI score · 0.00815 EPSS
Exploits: 1 · References: 15
UbuntuCve
added 2015/04/10 2:59 p.m. · 13 views

CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

4.3 CVSS · 5.9 AI score · 0.00614 EPSS
Exploits: 0 · References: 2
OSV
added 2015/04/10 2:59 p.m. · 3 views

DEBIAN-CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

4.3 CVSS · 6.4 AI score · 0.00614 EPSS
Exploits: 0 · References: 1
OSV
added 2015/04/10 2:59 p.m. · 0 views

UBUNTU-CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

4.3 CVSS · 5.8 AI score · 0.00614 EPSS
Exploits: 0 · References: 3
OSV
added 2015/04/10 2:59 p.m. · 2 views

CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

6.1 AI score
Exploits: 0 · References: 8
Prion
added 2015/04/10 2:59 p.m. · 8 views

Session fixation

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

4.3 CVSS · 6.8 AI score · 0.00614 EPSS
Exploits: 0 · References: 8 · Affected Software: 1
Debian CVE
added 2015/04/10 2:0 p.m. · 21 views

CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

4.3 CVSS · 6.3 AI score · 0.00614 EPSS
Exploits: 0