3263 matches found

Tenable Nessus
added 2010/10/27 12:0 a.m., 6 views

FreeBSD : opera -- multiple vulnerabilities (aab187d4-e0f3-11df-b1ea-001999392805)

The Opera Desktop Team reports : - Fixed an issue that allowed cross-domain checks to be bypassed, allowing limited data theft using CSS, as reported by Isaac Dawson. - Fixed an issue where manipulating the window could be used to spoof the page address. - Fixed an issue with reloads and redirect...

5.2 AI score
Exploits: 0, References: 6
Tenable Nessus
added 2010/10/13 12:0 a.m., 16 views

Opera < 10.63 Multiple Vulnerabilities

Binary data 5678.prm...

9.3 CVSS, 7.3 AI score, 0.03522 EPSS
Exploits: 0, References: 15
Tenable Nessus
added 2010/10/13 12:0 a.m., 33 views

Opera < 10.63 Multiple Vulnerabilities

The version of Opera installed on the remote host is prior to 10.63. It is, therefore, affected by the multiple vulnerabilities : - It is possible to bypass cross-domain checks and allow partial data theft by using CSS. 971 - It is possible to spoof the page address by modifying the size of the...

9.3 CVSS, 6.2 AI score, 0.03522 EPSS
Exploits: 0, References: 15
FreeBSD
added 2010/10/12 12:0 a.m., 11 views

opera -- multiple vulnerabilities

The Opera Desktop Team reports: Fixed an issue that allowed cross-domain checks to be bypassed, allowing limited data theft using CSS, as reported by Isaac Dawson. Fixed an issue where manipulating the window could be used to spoof the page address. Fixed an issue with reloads and redirects that...

0.7 AI score
Exploits: 0, References: 5
Opera Security Advisories
added 2010/10/06 12:0 a.m., 13 views

Private video streams can be intercepted

Video content may be used as filler content for a HTML5 canvas, if the video format is natively supported by Opera. If the video and page are from the same site, the content of the canvas can be safely read out by scripts. In some cases, Opera does not check the video's origin correctly, and may...

1.7 AI score
Exploits: 0, Affected Software: 1
n0where
added 2010/07/18 7:51 p.m., 13 views

Wireless and Wired Network Interceptor: the Interceptor

The Interceptor is a wireless wired network tap. Basically, a network tap is a way to listen in to network traffic as it flows past. I haven’t done extensive research but all the ones I found when looking passed the copy of the traffic onto a specified wired interface which was then plugged into ...

6.7 AI score
Exploits: 0
Cvelist
added 2010/04/14 3:44 p.m., 22 views

CVE-2010-0025

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of...

6.5 AI score, 0.59398 EPSS
Exploits: 0, References: 4
Fedora
added 2010/04/01 5:19 p.m., 11 views

[SECURITY] Fedora 13 Update: dsniff-2.4-0.9.b1.fc13

A collection of tools for network auditing and penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf and webspy allow to passively monitor a network for interesting data passwords, e-mail, files. Arpspoof, dnsspoof and macof facilitate the interception of network traffic normall...

0.7 AI score
Exploits: 0
Exploit DB
added 2010/03/09 12:0 a.m., 25 views

PHP File Sharing System 1.5.1 - Multiple Vulnerabilities

Title: PHP File Sharing System 1.5.1 Multiple Vulnerabilities Author: blake Tested on: Windows XP SP3 with xampplite 1 XSS http://192.168.1.149/fss/index.php?cam= 2 Directory transversal http://192.168.1.149/fss/index.php?cam=/../../../../../../../.. 3 Shell through file upload can upload php...

7 AI score
Exploits: 0
myhack58
added 2010/02/17 12:0 a.m., 95 views

By injecting the Winlogon process intercepts the system password-vulnerability warning-the black bar safety net

Komaki original article, reproduced please indicate the source. Thank you. http://blog.hack.la QQ: 4 2 8 9 0 3 0 A. Winlogon. exe is a prerequisite for the user login process, and. We will now be through DLL injection, to achieve the intercepted system login user name and password and other...

8.1 AI score
Exploits: 0
securityvulns
added 2010/02/17 12:0 a.m., 54 views

Enomaly ECP: Multiple vulnerabilities in VMcasting protocol & implementation.

Enomaly ECP: Multiple vulnerabilities in VMcasting protocol & implementation. Synopsis Enomaly ECP up to and including v3.0.4 is believed to contain an insecure silent update mechanism that could allow a remote attacker to execute arbitrary code as root, and to inject or modify VM workloads for...

0.7 AI score
Exploits: 0
Check Point Advisories
added 2010/01/20 12:0 a.m., 2 views

Security Best Practice: SIP Protocol Enforcement

The Session Initiation Protocol SIP is a signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol IP. The protocol can be used for creating, modifying and terminating two-party unicast or multiparty multicast sessions...

6.7 AI score
Exploits: 0
Atlassian
added 2009/12/24 12:36 a.m., 26 views

Unable to use HTTPS for login only

If you setup the urlrewrite.xml like so: noformat ^/s/.//download/images/^?. /images/$2 ^/s/.//^?. /$2 ^/login.action https https://localhost:8443/login.action ^/dologin.action https https://localhost:8443/dologin.action ^/. https /login.action. /dologin.action. /s/. http://localhost:8080/$...

7 AI score
Exploits: 0
OSV
added 2009/12/23 6:30 p.m., 3 views

DEBIAN-CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

5 CVSS, 6.8 AI score, 0.00319 EPSS
Exploits: 2, References: 1
UbuntuCve
added 2009/12/23 6:30 p.m., 16 views

CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

5 CVSS, 5.9 AI score, 0.00319 EPSS
Exploits: 2, References: 1
NVD
added 2009/12/23 6:30 p.m., 19 views

CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

5 CVSS, 6.3 AI score, 0.00319 EPSS
Exploits: 2, References: 4
CVE
added 2009/12/23 6:0 p.m., 52 views

CVE-2009-3584

CVE-2009-3584 involves SQL-Ledger 2.8.24 where the session cookie’s secure flag is not set in HTTPS, enabling potential cookie interception in HTTP sessions. The available connected sources confirm the affected product (SQL-Ledger 2.8.24) and the vulnerability class (cookie security flag misconfi...

5 CVSS, 6.2 AI score, 0.00319 EPSS
Exploits: 2, References: 4, Affected Software: 1
Cvelist
added 2009/12/23 6:0 p.m., 29 views

CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

6.3 AI score, 0.00319 EPSS
Exploits: 2, References: 4
Packet Storm
added 2009/12/15 12:0 a.m., 40 views

Trango Broadband Wireless Interception

-------------------------------------------------------------------------- Trango Broadband Wireless M5830 Series Rogue SU Authentication Bug Date : 15 December, 2009 By: Blair - [email protected] -------------------------------------------------------------------------- Background ----------...

7.4 AI score
Exploits: 0
securityvulns
added 2009/12/15 12:0 a.m., 29 views

Trango Broadband Wireless Rogue SU Authentication Bug

-------------------------------------------------------------------------- Trango Broadband Wireless M5830 Series Rogue SU Authentication Bug Date : 15 December, 2009 By: Blair - [email protected] -------------------------------------------------------------------------- Background ----------...

7 AI score
Exploits: 0