
3264 matches found

CVE
added 2014/08/17 11:0 p.m. | 53 views

CVE-2014-0905

The vulnerability CVE-2014-0905 affects IBM InfoSphere BigInsights Console (Versions 2.0–2.1.2). The root cause is that the LTPA cookie does not set the Secure attribute in HTTPS sessions, allowing a man-in-the-middle to intercept potentially sensitive cookies transmitted over non-HTTPS (insecure)...

CVSS 2.9 | AI score 6.5 | EPSS 0.0011
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2014/08/17 11:0 p.m. | 19 views

CVE-2014-0905

IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

AI score 6.3 | EPSS 0.0011
Exploits 0 | References 2
NVD
added 2014/08/07 11:13 a.m. | 15 views

CVE-2014-3853

Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5 | AI score 6.5 | EPSS 0.0025
Exploits 1 | References 2
Prion
added 2014/08/07 11:13 a.m. | 13 views

Session fixation

Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5 | AI score 7 | EPSS 0.0025
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2014/08/07 10:0 a.m. | 21 views

CVE-2014-3853

Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

AI score 6.5 | EPSS 0.0025
Exploits 1 | References 2
seebug.org
added 2014/07/09 12:0 a.m. | 28 views

Dolibarr CMS 3.5.3 - Multiple Security Vulnerabilities

No description provided by source. Vulnerability Name: SQL injection Severity: Critical URL: http://localhost/dolibarr/user/fiche.php Affected Users: All authenticated users Issue details: The "entity" parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in th...

AI score 7.1
Exploits 0
Packet Storm
added 2014/07/08 12:0 a.m. | 43 views

Dolibarr CMS 3.5.3 SQL Injection / Cross Site Scripting

Vulnerability Name: SQL injection Severity: Critical URL: http://localhost/dolibarr/user/fiche.php Affected Users: All authenticated users Issue details: The "entity" parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the entity parameter, and a database...

CVSS 6.5 | AI score 0.4 | EPSS 0.02118
Exploits 3
exploitpack
added 2014/07/08 12:0 a.m. | 22 views

Dolibarr ERPCRM 3.5.3 - Multiple Vulnerabilities

Vulnerability Name: SQL injection Severity: Critical URL: http://localhost/dolibarr/user/fiche.php Affected Users: All authenticated users Issue details: The "entity" parameter appears to be vulnerable to SQL injection attacks. A single quote was...

AI score 0.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Intel InBusiness eMail Station 1.4.87 Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1844/info A buffer overflow exists in the Intel InBusiness eMail Station, a dedicated email device. When attempting to establish a connection, the username submitted to the device is not properly filtered for length. By...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 15 views

PHP File Sharing System 1.5.1 - Multiple Vulnerabilities

No description provided by source. Title: PHP File Sharing System 1.5.1 Multiple Vulnerabilities Author: blake Tested on: Windows XP SP3 with xampplite 1 XSS http://192.168.1.149/fss/index.php?cam= 2 Directory transversal http://192.168.1.149/fss/index.php?cam=/../../../../../../../.. 3 Shell...

AI score 7.1
Exploits 0
ThreatPost
added 2014/06/24 9:3 a.m. | 19 views

Kaspersky, Citizen Lab Uncover HackingTeam Mobile Malware

Controversial spyware commercially developed by Italy’s HackingTeam and sold to governments and law enforcement for the purpose of surveillance, has a global command and control infrastructure and for the first time, security experts have insight into how its mobile malware components work...

Exploits 0 | References 3
ThreatPost
added 2014/06/16 10:52 a.m. | 19 views

Dyreza Banker Trojan Seen Bypassing SSL

Banker Trojans have proven to be reliable and effective tools for attackers interested in quietly stealing large amounts of money from unwitting victims. Zeus, Carberp and many others have made piles of money for their creators and the attackers who use them, and researchers have been looking at ...

AI score 0.7
Exploits 0 | References 2
Tenable Nessus
added 2014/06/13 12:0 a.m. | 25 views

openSUSE Security Update : telepathy-gabble (openSUSE-SU-2011:0303-1)

This update of telepathy-gabble is validating the origin of a google:jingleinfo update message now. Not validating the origin could be used to intercept calls. CVE-2011-1000: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N): Input Validation (CWE-20)...

CVSS 6.4 | AI score 5.3 | EPSS 0.01261
Exploits 0 | References 3
Kitploit
added 2014/06/09 1:26 p.m. | 12 views

Snoopy - A distributed tracking and data interception framework

Snoopy is a distributed tracking and profiling framework which can perform interesting tracking and profiling of mobile users through the use of WiFi. There have been recent initiatives from numerous governments to legalise the monitoring of citizens’ Internet based communications web sites...

AI score 7.7
Exploits 0 | References 1
myhack58
added 2014/06/08 12:0 a.m. | 13 views

OpenSSL re-aeration of the CCS injection vulnerability-vulnerability warning-the black bar safety net

Too much drama last night to see a good piece has about, also good, 2 0 1 2 edition of the perfect memories on, like me such people still choose to use the TV or go to the cinema to see the movie, in the middle of no commercials, experience holding back process, always Suddenly have a lot of idea...

AI score 7.6
Exploits 0
Packet Storm
added 2014/05/30 12:0 a.m. | 88 views

NICE Recording eXpress 6.x Root Backdoor / XSS / Bypass

SEC Consult Vulnerability Lab Security Advisory. title: Root Backdoor & Unauthenticated access to voice recordings product: NICE Recording eXpress voice recording solution formerly...

AI score 0.4
Exploits 0
RedHat Linux
added 2014/05/21 3:45 p.m. | 1 view

tomcat: session fixation still possible with disableURLRewriting enabled

It was found that previous fixes in Tomcat 6 to path parameter handling introduced a regression that caused Tomcat to not properly disable URL rewriting to track session IDs when the disableURLRewriting option was enabled. A man-in-the-middle attacker could potentially use this flaw to hijack a...

CVSS 4.3 | AI score 7.3 | EPSS 0.12482
Exploits 1 | References 5
The Hacker News
added 2014/05/11 10:10 p.m. | 20 views

Fake Digital Certificates Found in the Wild While Observing Facebook SSL Connections

Visiting a website certified with an SSL certificate doesn’t mean that the website is not bogus. Secure Sockets Layer (SSL) protects web users in two ways: it uses public key encryption to encrypt sensitive information between a user’s computer and a website, such as usernames, passwords, or...

AI score 6.3
Exploits 0
Jake Archibald's Blog
added 2014/05/08 12:13 a.m. | 9 views

Service Worker - first draft published

The first draft of the service worker spec was published today! It's been a collaborative effort between Google, Samsung, Mozilla and others, and implementations for Chrome and Firefox are being actively developed. Anyone interested in the web competing with native apps should be excited by this...

AI score 6.7
Exploits 0
securityvulns
added 2014/05/05 12:0 a.m. | 72 views

Open-Xchange Security Advisory 2014-04-08

Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Vulnerability type: Information exposure CWE-200 Vulnerable version: 7.4.2 and earlier Vulnerable component: frontend Fixed version: 7.4.2-rev13, 7.4.1-rev11, 7.2.2-rev20 Report confidence: Confirmed Solution status: Fixed by Vendor Vendor...

CVSS 4.3 | AI score 0.5 | EPSS 0.0023
Exploits 3