9 matches found
EUVD-2008-2553
Malware in sbrugna...
EUVD-2008-3733
Malware in sbrugna...
CVE-2025-36011
CVE-2025-36011 affects IBM Jazz for Service Management versions 1.1.3.0–1.1.3.24. The underlying issue is that authorization tokens and session cookies are stored without the Secure attribute, enabling cookie disclosure if a user is directed to or visits an insecure HTTP link. This could allow an...
CVE-2008-3747
The 1 geteditpostlink and 2 geteditcommentlink functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie...
Facebook Session Sidejacking
Recently, there was a vulnerability discovered in LinkedIn, which is described here http://www.wtfuzz.com/blogs/linkedin-ssl-cookie-vulnerability/ Basically, this allows someone in network to sniff a cookie value and apply it in his browses session to hijack the target's user session. This simple...
CVE-2008-3747
The 1 geteditpostlink and 2 geteditcommentlink functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie...
PT-2008-4013 · Cre Loaded · Cre Loaded
Name of the Vulnerable Software and Affected Versions: CRE Loaded versions 6.2.13.1 and earlier Description: The issue is related to the handling of cookies over HTTPS. Specifically, the software does not set the "Secure" attribute for cookies sent over HTTPS, which could allow remote attackers t...
openssh may set DISPLAY even if it's unable to listen on respective port
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 IPv4 and sniffing a cookie sent by Emacs...
CVE-2001-0911
CVE-2001-0911 affects PHP-Nuke 5.1, where user and administrator passwords are stored in a base-64 encoded cookie. This could allow remote attackers to gain privileges by stealing/sniffing the cookie and decoding it. The connected sources corroborate the cookie-based credential exposure, but no p...