Lucene search
+L

964 matches found

The Hacker News
The Hacker News
added 2011/12/14 8:2 p.m.8 views

Facebook Ticker partially Removed Due To Various Bugs

Facebook Ticker partially Removed Due To Various Bugs According to a Post on Facebook Known Issues Page, Facebook has removed the ticker apparently motivated the social network to call the phenomenon a bug that's undergoing a fix. Facebook says that "Some people are seeing their ticker disappear...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2011/12/05 7:48 p.m.3 views

Android Bloatware, Another Serious Android Privacy Issue

Android Bloatware , Another Serious Android Privacy Issue Researchers have found that some Android smartphones are more vulnerable to attacks than others, thanks to add-on software and skins that get installed by handset makers before they ship their smartphones to subscribers. It's not just...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2011/10/28 7:46 p.m.10 views

How Facebook Ticker exposing your information and behavior without your knowledge

How Facebook Ticker exposing your information and behavior without your knowledge Nelson Novaes Neto, a Brazilian independent Security and Behavior Research have analyze a privacy issue in Facebook Ticker that allows any person chasing you without your knowledge or consent . He explain that this ...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2011/10/28 7:46 p.m.4 views

How Facebook Ticker exposing your information and behavior without your knowledge

How Facebook Ticker exposing your information and behavior without your knowledge Nelson Novaes Neto , a Brazilian independent Security and Behavior Research have analyze a privacy issue in FacebookTicker that allows any person chasing you without your knowledge or consent . He explain that this ...

7AI score
Exploits0
Atlassian
Atlassian
added 2011/09/07 10:10 p.m.28 views

View PDF Macro in Office Connector makes http fetch from Adobe from https session

The View PDF macro within the Office Connector plugin provides the following http URL even for https sessions when a user's browser fails the Flash installed test. http://www.adobe.com/images/shared/downloadbuttons/getflashplayer.gif It's bad form to mix http urls in with secured https sessions a...

6.8AI score
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2009/11/23 12:0 a.m.89 views

Internet Explorer PDF Information Leak

Millions of PDF invisibly embedded with your internal disk paths I found an interesting privacy issue while analyzing PDF files. This bug occurs when you are using Internet Explorer to print locally saved web pages as PDF and affects all IE versions including IE8. It does not matter which PDF...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2009/06/09 12:0 a.m.24 views

Ubuntu USN-783-1 (ecryptfs-utils)

The remote host is missing an update to ecryptfs-utils announced via advisory USN-783-1. OpenVAS Vulnerability Test $Id: ubuntu7831.nasl 8616 2018-02-01 08:24:13Z cfischer $ $Id: ubuntu7831.nasl 8616 2018-02-01 08:24:13Z cfischer $ Description: Auto-generated from advisory USN-783-1 ecryptfs-util...

1.9CVSS6.5AI score0.00293EPSS
Exploits0References1
Mozilla
Mozilla
added 2008/12/16 12:0 a.m.25 views

User tracking via XUL persist attribute — Mozilla

Security researcher Hish reported that the persist attribute in XUL elements can be used to store cookie-like information on a user's computer which could later be read by a website. This creates a privacy issue for users who have a non-standard cookie preference and wish to prevent sites from...

5CVSS2.2AI score0.02295EPSS
Exploits0References2Affected Software1
Atlassian
Atlassian
added 2008/11/13 3:49 a.m.17 views

Session must not be invalidated on logout

People ran into problems|http://forums.atlassian.com/thread.jspa?forumID=101&threadID=29965 because we started invalidating the session on logout in 2.9.2. They expect certain session attributes like the seraph LOGGEDOUTKEY to be present. This means we need to remove all session attributes except...

2.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/11/13 3:49 a.m.20 views

Session must not be invalidated on logout

People ran into problems|http://forums.atlassian.com/thread.jspa?forumID=101&threadID=29965 because we started invalidating the session on logout in 2.9.2. They expect certain session attributes like the seraph LOGGEDOUTKEY to be present. This means we need to remove all session attributes except...

2.8AI score
Exploits0
Cvelist
Cvelist
added 2008/05/14 6:0 p.m.26 views

CVE-2008-2221

Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors...

6.6AI score0.02286EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2008/04/01 12:0 a.m.33 views

SuSE 10 Security Update : Security update for (ZYPP Patch Number 5134)

This update brings Mozilla Firefox to security update version 2.0.0.13 Following security problems were fixed : - XUL popup spoofing variant cross-tab popups. MFSA 2008-19 / CVE-2008-1241 - Java socket connection to any local port via LiveConnect. MFSA 2008-18 / CVE-2008-1195 / CVE-2008-1240 -...

9.3CVSS8.4AI score0.06055EPSS
Exploits2References26
FreeBSD
FreeBSD
added 2008/03/26 12:0 a.m.58 views

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2008-19 XUL popup spoofing variant cross-tab popups MFSA 2008-18 Java sock...

9.3CVSS7.5AI score0.06055EPSS
Exploits2
Mozilla
Mozilla
added 2008/03/25 12:0 a.m.38 views

Privacy issue with SSL Client Authentication — Mozilla

Peter Brodersen and Alexander Klink independently reported that the default setting for SSL Client Authentication, automatically selecting a client certificate on behalf of the user, creates a potential privacy issue for users by allowing tracking through client certificates. For users who alread...

5CVSS1.8AI score0.01272EPSS
Exploits1References2Affected Software2
xssed
xssed
added 2008/03/11 12:0 a.m.7 views

Unfixed XSS vulnerability at searchsnap.net

Security researcher Mystick, has submitted on 03/11/2008 a cross-site-scripting XSS vulnerability affecting searchsnap.net, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 25/11/2010. It is currently...

Exploits0References1
Exploit DB
Exploit DB
added 2007/11/20 12:0 a.m.36 views

skyportal vrc6 - Multiple Vulnerabilities

WwW.BugReport.ir BugReport Security Research & Penetration Testing Group Title: Sky Portal Multiple SQL Injection Vulnerabilities Vendor: http://skyportal.net Exploitation: Remote with browser Fix Available: Patched In Last Version In Vendor Leaders : Shahin Ramezany & Sorush Dalili Team Members:...

7.4AI score
Exploits0
CVE
CVE
added 2007/01/13 2:0 a.m.71 views

CVE-2007-0227

CVE-2007-0227 affects slocate 3.1, which does not properly manage database entries that specify names of files in protected directories, enabling local users to obtain the names of private files. The issue is not present in slocate 2.7. Public references indicate multiple advisories (Ubuntu USN-4...

5CVSS5.6AI score0.01673EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2005/01/29 5:0 a.m.30 views

CVE-2005-0149

Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages...

6.5AI score0.01682EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2004/12/15 12:0 a.m.32 views

Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:150)

Daniel Fabian discovered a potential privacy issue in KDE. When creating a link to a remote file from various applications, including Konqueror, the resulting URL may contain the authentication credentials used to access that remote resource. This includes, but is not limited to, browsing SMB Sam...

7.5CVSS5.3AI score0.0272EPSS
Exploits1References5
securityvulns
securityvulns
added 2001/09/08 12:0 a.m.39 views

Insecure handling of notes in Slashcode

Security Advisory - September 9, 2001 plastic.com's Slashcode Overview: The implementation of private notes on plastic.com's Slashcode-driven site is insecure. Any logged in user can view any message in the system. Description: After logging into the site as a user,...

6.9AI score
Exploits0
Rows per page
Query Builder