964 matches found
Facebook Ticker partially Removed Due To Various Bugs
Facebook Ticker partially Removed Due To Various Bugs According to a Post on Facebook Known Issues Page, Facebook has removed the ticker apparently motivated the social network to call the phenomenon a bug that's undergoing a fix. Facebook says that "Some people are seeing their ticker disappear...
Android Bloatware, Another Serious Android Privacy Issue
Android Bloatware , Another Serious Android Privacy Issue Researchers have found that some Android smartphones are more vulnerable to attacks than others, thanks to add-on software and skins that get installed by handset makers before they ship their smartphones to subscribers. It's not just...
How Facebook Ticker exposing your information and behavior without your knowledge
How Facebook Ticker exposing your information and behavior without your knowledge Nelson Novaes Neto, a Brazilian independent Security and Behavior Research have analyze a privacy issue in Facebook Ticker that allows any person chasing you without your knowledge or consent . He explain that this ...
How Facebook Ticker exposing your information and behavior without your knowledge
How Facebook Ticker exposing your information and behavior without your knowledge Nelson Novaes Neto , a Brazilian independent Security and Behavior Research have analyze a privacy issue in FacebookTicker that allows any person chasing you without your knowledge or consent . He explain that this ...
View PDF Macro in Office Connector makes http fetch from Adobe from https session
The View PDF macro within the Office Connector plugin provides the following http URL even for https sessions when a user's browser fails the Flash installed test. http://www.adobe.com/images/shared/downloadbuttons/getflashplayer.gif It's bad form to mix http urls in with secured https sessions a...
Internet Explorer PDF Information Leak
Millions of PDF invisibly embedded with your internal disk paths I found an interesting privacy issue while analyzing PDF files. This bug occurs when you are using Internet Explorer to print locally saved web pages as PDF and affects all IE versions including IE8. It does not matter which PDF...
Ubuntu USN-783-1 (ecryptfs-utils)
The remote host is missing an update to ecryptfs-utils announced via advisory USN-783-1. OpenVAS Vulnerability Test $Id: ubuntu7831.nasl 8616 2018-02-01 08:24:13Z cfischer $ $Id: ubuntu7831.nasl 8616 2018-02-01 08:24:13Z cfischer $ Description: Auto-generated from advisory USN-783-1 ecryptfs-util...
User tracking via XUL persist attribute — Mozilla
Security researcher Hish reported that the persist attribute in XUL elements can be used to store cookie-like information on a user's computer which could later be read by a website. This creates a privacy issue for users who have a non-standard cookie preference and wish to prevent sites from...
Session must not be invalidated on logout
People ran into problems|http://forums.atlassian.com/thread.jspa?forumID=101&threadID=29965 because we started invalidating the session on logout in 2.9.2. They expect certain session attributes like the seraph LOGGEDOUTKEY to be present. This means we need to remove all session attributes except...
Session must not be invalidated on logout
People ran into problems|http://forums.atlassian.com/thread.jspa?forumID=101&threadID=29965 because we started invalidating the session on logout in 2.9.2. They expect certain session attributes like the seraph LOGGEDOUTKEY to be present. This means we need to remove all session attributes except...
CVE-2008-2221
Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors...
SuSE 10 Security Update : Security update for (ZYPP Patch Number 5134)
This update brings Mozilla Firefox to security update version 2.0.0.13 Following security problems were fixed : - XUL popup spoofing variant cross-tab popups. MFSA 2008-19 / CVE-2008-1241 - Java socket connection to any local port via LiveConnect. MFSA 2008-18 / CVE-2008-1195 / CVE-2008-1240 -...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2008-19 XUL popup spoofing variant cross-tab popups MFSA 2008-18 Java sock...
Privacy issue with SSL Client Authentication — Mozilla
Peter Brodersen and Alexander Klink independently reported that the default setting for SSL Client Authentication, automatically selecting a client certificate on behalf of the user, creates a potential privacy issue for users by allowing tracking through client certificates. For users who alread...
Unfixed XSS vulnerability at searchsnap.net
Security researcher Mystick, has submitted on 03/11/2008 a cross-site-scripting XSS vulnerability affecting searchsnap.net, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 25/11/2010. It is currently...
skyportal vrc6 - Multiple Vulnerabilities
WwW.BugReport.ir BugReport Security Research & Penetration Testing Group Title: Sky Portal Multiple SQL Injection Vulnerabilities Vendor: http://skyportal.net Exploitation: Remote with browser Fix Available: Patched In Last Version In Vendor Leaders : Shahin Ramezany & Sorush Dalili Team Members:...
CVE-2007-0227
CVE-2007-0227 affects slocate 3.1, which does not properly manage database entries that specify names of files in protected directories, enabling local users to obtain the names of private files. The issue is not present in slocate 2.7. Public references indicate multiple advisories (Ubuntu USN-4...
CVE-2005-0149
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages...
Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:150)
Daniel Fabian discovered a potential privacy issue in KDE. When creating a link to a remote file from various applications, including Konqueror, the resulting URL may contain the authentication credentials used to access that remote resource. This includes, but is not limited to, browsing SMB Sam...
Insecure handling of notes in Slashcode
Security Advisory - September 9, 2001 plastic.com's Slashcode Overview: The implementation of private notes on plastic.com's Slashcode-driven site is insecure. Any logged in user can view any message in the system. Description: After logging into the site as a user,...