809 matches found

Exploit DB
added 2014/03/27 12:0 a.m., 35 views

Dell SonicWALL EMail Security Appliance Application 7.4.5 - Multiple Vulnerabilities

Document Title: Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1191 Dell SonicWall Security Bulletin:...

7.4 AI score
Exploits: 0

ThreatPost
added 2014/01/20 4:19 p.m., 13 views

Starbucks Patches Vulnerable iOS App

Starbucks has patched a vulnerability in its iOS app that was found last week spilling user data, including usernames and passwords, by adding what it’s called an “additional safeguard measure” to protect its customers. While it’s a relatively quick turnaround for the company – it only took about...

0.2 AI score
Exploits: 0, References: 4

RedHat Linux
added 2013/03/20 3:48 p.m., 3 views

tomcat: three DIGEST authentication implementation issues

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to...

5 CVSS, 7.4 AI score, 0.08768 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2013/03/14 4:40 p.m., 4 views

tomcat: three DIGEST authentication implementation issues

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to...

5 CVSS, 7.4 AI score, 0.08768 EPSS
Exploits: 0, References: 4

myhack58
added 2013/02/16 12:0 a.m., 15 views

PHP vulnerabilities: session hijacking - vulnerability warning - the black bar safety net

This article mainly introduces session hijacking against PHP websites. Session hijacking is a more complex attack method. Most computers on the Internet are exposed to this attack. It is a hijacking of the TCP protocol, so hijacking is possible on almost any LAN. The...

0.4 AI score
Exploits: 0

myhack58
added 2012/11/16 12:0 a.m., 13 views

eliteCMS installation file not validated + one-line write security vulnerability - vulnerability warning - the black bar safety net

The eliteCMS installation program is not locked after installation, so attackers can access the setup address and repeat the installation. Another vulnerability is that the installation program can write a one-line statement directly to admin/includes/config.php. We look at the code: ... elseif $GET'step' == "4" $file = "../admin/includes/config.php"; $write = "?...

0.2 AI score
Exploits: 0

OSV
added 2012/09/15 5:55 p.m., 10 views

CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

6.2 AI score
Exploits: 0, References: 6

OSV
added 2012/09/15 5:55 p.m., 1 views

DEBIAN-CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

4.3 CVSS, 6.5 AI score, 0.02447 EPSS
Exploits: 0, References: 1

OSV
added 2012/09/15 5:55 p.m., 18 views

PYSEC-2012-1

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

4.3 CVSS, 5.2 AI score, 0.02447 EPSS
Exploits: 0, References: 7

Prion
added 2012/09/15 5:55 p.m., 15 views

Code injection

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

4.3 CVSS, 6.9 AI score, 0.02447 EPSS
Exploits: 0, References: 6, Affected Software: 1

Debian CVE
added 2012/09/15 5:0 p.m., 14 views

CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

4.3 CVSS, 6.3 AI score, 0.02447 EPSS
Exploits: 0

Prion
added 2012/08/23 10:32 a.m., 15 views

Default configuration

The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack...

4.3 CVSS, 6.6 AI score, 0.01078 EPSS
Exploits: 0, References: 1, Affected Software: 2

Prion
added 2012/08/23 10:32 a.m., 11 views

Default configuration

The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then...

5 CVSS, 6.6 AI score, 0.01354 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2012/08/23 10:0 a.m., 25 views

CVE-2009-5119

The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack...

6.1 AI score, 0.01078 EPSS
Exploits: 0, References: 1

OpenVAS
added 2012/03/29 12:0 a.m., 37 views

RedHat Update for gnutls RHSA-2012:0428-01

Check for the Version of gnutls. OpenVAS Vulnerability Test: RedHat Update for gnutls RHSA-2012:0428-01. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

5 CVSS, 0.0446 EPSS
Exploits: 2, References: 2

Japan Vulnerability Notes
added 2012/03/19 5:27 a.m., 2 views

Janetter vulnerable to information disclosure

Overview Janetter contains an information disclosure vulnerability. Janetter is a client software for using Twitter. Janetter contains an information disclosure vulnerability. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University reported this vulnerability to IPA. JPCERT/...

5 CVSS, 6.2 AI score, 0.016 EPSS
Exploits: 0, References: 6

OSV
added 2011/10/19 10:55 a.m., 5 views

CVE-2011-4136

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...

6.2 AI score
Exploits: 0, References: 9

OSV
added 2011/10/19 10:55 a.m., 2 views

DEBIAN-CVE-2011-4136

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...

5.8 CVSS, 6.5 AI score, 0.02284 EPSS
Exploits: 0, References: 1

Prion
added 2011/10/19 10:55 a.m., 18 views

Design/Logic Flaw

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...

5.8 CVSS, 6.8 AI score, 0.02284 EPSS
Exploits: 0, References: 8, Affected Software: 1

Debian CVE
added 2011/10/19 10:0 a.m., 42 views

CVE-2011-4136

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...

5.8 CVSS, 6.2 AI score, 0.02284 EPSS
Exploits: 0