Lucene search

8 matches found

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2008-3733

Malware in sbrugna...

CVSS 7.5 | AI score 6.1 | EPSS 0.01436
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2008-2553

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.0025
Exploits: 0 | References: 3

CVE
added 2025/09/09 7:32 p.m., 9 views

CVE-2025-36011

CVE-2025-36011 affects IBM Jazz for Service Management versions 1.1.3.0–1.1.3.24. The underlying issue is that authorization tokens and session cookies are stored without the Secure attribute, enabling cookie disclosure if a user is directed to or visits an insecure HTTP link. This could allow an...

CVSS 4.3 | AI score 6 | EPSS 0.00023
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2019/10/04 8:25 p.m., 20 views

CVE-2008-3747

The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie...

CVSS 7.5 | AI score 7.2 | EPSS 0.01436
Exploits: 0 | References: 3

Packet Storm
added 2011/06/12 12:0 a.m., 16 views

Facebook Session Sidejacking

Recently, there was a vulnerability discovered in LinkedIn, which is described here: http://www.wtfuzz.com/blogs/linkedin-ssl-cookie-vulnerability/. Basically, this allows someone in the network to sniff a cookie value and apply it in his browser session to hijack the target user's session. This simple...

Exploits: 0

OSV
added 2008/08/27 3:21 p.m., 3 views

CVE-2008-3747

The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie...

AI score 6.7
Exploits: 0 | References: 5

RedHat Linux
added 2005/10/05 11:54 a.m., 2 views

openssh may set DISPLAY even if it's unable to listen on respective port

OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 IPv4 and sniffing a cookie sent by Emacs...

CVSS 6.9 | AI score 7.1 | EPSS 0.00201
Exploits: 1 | References: 4

CVE
added 2002/02/02 5:0 a.m., 50 views

CVE-2001-0911

CVE-2001-0911 affects PHP-Nuke 5.1, where user and administrator passwords are stored in a base-64 encoded cookie. This could allow remote attackers to gain privileges by stealing/sniffing the cookie and decoding it. The connected sources corroborate the cookie-based credential exposure, but no p...

CVSS 7.5 | AI score 6.9 | EPSS 0.00043
Exploits: 0 | References: 3 | Affected Software: 2