3309 matches found

Cvelist
added 2011/01/18 5:0 p.m., 30 views

CVE-2009-5051

Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

AI score: 6.5, EPSS: 0.01064
Exploits: 0, References: 2

Prion
added 2011/01/10 8:0 p.m., 13 views

Session fixation

Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS: 5, AI score: 7, EPSS: 0.01281
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2011/01/10 7:18 p.m., 22 views

CVE-2011-0400

Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

AI score: 6.5, EPSS: 0.01281
Exploits: 0, References: 5

ThreatPost
added 2010/12/21 4:46 p.m., 9 views

Threats Go Mobile

Smartphone adoption has exploded in recent years, and this has not been lost on the attackers who are looking for the best way to separate users from their money and confidential data. There were several examples of attackers sneaking malicious applications into mobile app stores, some disguised ...

AI score: 0.8
Exploits: 0, References: 5

The Hacker News
added 2010/12/17 4:17 a.m., 9 views

PacketFence v2.0.0 - Latest Version !

PacketFence is an open-source network access control (NAC) system which provides the following features: registration, detection of abnormal network activities, proactive vulnerability scans, isolation of problematic devices, remediation through a captive portal, 802.1X, wireless...

AI score: 6.7
Exploits: 0

ThreatPost
added 2010/11/01 5:23 p.m., 10 views

Mobile Security Woes Go Beyond Malicious Apps

If, like most Americans, you’ve developed an attachment to your mobile phone that borders on the unnatural and have a hard time going 11 seconds without checking email or texts, you’d do well not to attend a talk by Zach Lanier and Mike Zusman anytime soon. The pair discussed a variety of...

AI score: 8.1
Exploits: 0

Tenable Nessus
added 2010/10/27 12:0 a.m., 6 views

FreeBSD : opera -- multiple vulnerabilities (aab187d4-e0f3-11df-b1ea-001999392805)

The Opera Desktop Team reports : - Fixed an issue that allowed cross-domain checks to be bypassed, allowing limited data theft using CSS, as reported by Isaac Dawson. - Fixed an issue where manipulating the window could be used to spoof the page address. - Fixed an issue with reloads and redirect...

AI score: 5.2
Exploits: 0, References: 6

Tenable Nessus
added 2010/10/13 12:0 a.m., 16 views

Opera < 10.63 Multiple Vulnerabilities

Binary data 5678.prm...

CVSS: 9.3, AI score: 7.3, EPSS: 0.04957
Exploits: 0, References: 15

Tenable Nessus
added 2010/10/13 12:0 a.m., 33 views

Opera < 10.63 Multiple Vulnerabilities

The version of Opera installed on the remote host is prior to 10.63. It is, therefore, affected by the multiple vulnerabilities : - It is possible to bypass cross-domain checks and allow partial data theft by using CSS. 971 - It is possible to spoof the page address by modifying the size of the...

CVSS: 9.3, AI score: 6.2, EPSS: 0.04957
Exploits: 0, References: 15

FreeBSD
added 2010/10/12 12:0 a.m., 11 views

opera -- multiple vulnerabilities

The Opera Desktop Team reports: Fixed an issue that allowed cross-domain checks to be bypassed, allowing limited data theft using CSS, as reported by Isaac Dawson. Fixed an issue where manipulating the window could be used to spoof the page address. Fixed an issue with reloads and redirects that...

AI score: 0.7
Exploits: 0, References: 5

Opera Security Advisories
added 2010/10/06 12:0 a.m., 16 views

Private video streams can be intercepted

Video content may be used as filler content for a HTML5 canvas, if the video format is natively supported by Opera. If the video and page are from the same site, the content of the canvas can be safely read out by scripts. In some cases, Opera does not check the video's origin correctly, and may...

AI score: 1.7
Exploits: 0, Affected Software: 1

n0where
added 2010/07/18 7:51 p.m., 16 views

Wireless and Wired Network Interceptor: the Interceptor

The Interceptor is a wireless wired network tap. Basically, a network tap is a way to listen in to network traffic as it flows past. I haven’t done extensive research but all the ones I found when looking passed the copy of the traffic onto a specified wired interface which was then plugged into ...

AI score: 6.7
Exploits: 0

Cvelist
added 2010/04/14 3:44 p.m., 31 views

CVE-2010-0025

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of...

AI score: 6.5, EPSS: 0.21491
Exploits: 0, References: 4

Fedora
added 2010/04/01 5:19 p.m., 14 views

[SECURITY] Fedora 13 Update: dsniff-2.4-0.9.b1.fc13

A collection of tools for network auditing and penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf and webspy allow to passively monitor a network for interesting data (passwords, e-mail, files). Arpspoof, dnsspoof and macof facilitate the interception of network traffic normall...

AI score: 0.7
Exploits: 0

Exploit DB
added 2010/03/09 12:0 a.m., 26 views

PHP File Sharing System 1.5.1 - Multiple Vulnerabilities

Title: PHP File Sharing System 1.5.1 Multiple Vulnerabilities Author: blake Tested on: Windows XP SP3 with xampplite 1 XSS http://192.168.1.149/fss/index.php?cam= 2 Directory transversal http://192.168.1.149/fss/index.php?cam=/../../../../../../../.. 3 Shell through file upload can upload php...

AI score: 7
Exploits: 0

securityvulns
added 2010/02/17 12:0 a.m., 56 views

Enomaly ECP: Multiple vulnerabilities in VMcasting protocol & implementation.

Enomaly ECP: Multiple vulnerabilities in VMcasting protocol & implementation. Synopsis Enomaly ECP up to and including v3.0.4 is believed to contain an insecure silent update mechanism that could allow a remote attacker to execute arbitrary code as root, and to inject or modify VM workloads for...

AI score: 0.7
Exploits: 0

myhack58
added 2010/02/17 12:0 a.m., 98 views

By injecting the Winlogon process intercepts the system password-vulnerability warning-the black bar safety net

Komaki original article, reproduced please indicate the source. Thank you. http://blog.hack.la QQ: 4 2 8 9 0 3 0 A. Winlogon.exe is a prerequisite for the user login process, and. We will now be through DLL injection, to achieve the intercepted system login user name and password and other...

AI score: 8.1
Exploits: 0

Check Point Advisories
added 2010/01/20 12:0 a.m., 2 views

Security Best Practice: SIP Protocol Enforcement

The Session Initiation Protocol (SIP) is a signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP). The protocol can be used for creating, modifying and terminating two-party (unicast) or multiparty (multicast) sessions...

AI score: 6.7
Exploits: 0

Atlassian
added 2009/12/24 12:36 a.m., 27 views

Unable to use HTTPS for login only

If you setup the urlrewrite.xml like so: noformat ^/s/.//download/images/^?. /images/$2 ^/s/.//^?. /$2 ^/login.action https https://localhost:8443/login.action ^/dologin.action https https://localhost:8443/dologin.action ^/. https /login.action. /dologin.action. /s/. http://localhost:8080/$...

AI score: 7
Exploits: 0

NVD
added 2009/12/23 6:30 p.m., 28 views

CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS: 5, AI score: 6.3, EPSS: 0.01247
Exploits: 2, References: 4