Lucene search
K

238 matches found

Fedora
Fedora
added 2019/10/12 1:30 a.m.17 views

[SECURITY] Fedora 29 Update: libapreq2-2.13-38.fc29

libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...

7.5CVSS2AI score0.03941EPSS
Exploits0
Fedora
Fedora
added 2019/10/12 12:30 a.m.24 views

[SECURITY] Fedora 30 Update: libapreq2-2.13-38.fc30

libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...

7.5CVSS2AI score0.03941EPSS
Exploits0
The Hacker News
The Hacker News
added 2019/05/08 9:49 a.m.65 views

Google Chrome to Introduce Improved Cookie Controls Against Online Tracking

At the company's I/O 2019 developer conference, Google has announced its plan to introduce two new privacy and security-oriented features in the upcoming versions of its Chrome web browser. In an attempt to allow users to block online tracking, Google has announced two new features—Improved...

Exploits0
Akamai Blog
Akamai Blog
added 2019/03/04 11:0 a.m.50 views

Future Proofing Your Content Security Perimeter with Enhanced Token Authentication

Background: Media Content Security Security in the media & entertainment industry means securing the entire content consumption path. For any OTT or streaming company that wants to serve or distribute its content to end users, has to protect and safeguard their content against an ever-evolving...

Exploits0
RedhatCVE
RedhatCVE
added 2018/09/06 9:19 p.m.25 views

CVE-2018-1000665

Dojo Dojo Objective Harness DOH version prior to version 1.14 contains a Cross Site Scripting XSS vulnerability in unit.html and testsDOH/base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliv...

8CVSS1.4AI score0.01286EPSS
Exploits0References1
OSV
OSV
added 2018/09/06 5:29 p.m.19 views

CVE-2018-1000665

Dojo Dojo Objective Harness DOH version prior to version 1.14 contains a Cross Site Scripting XSS vulnerability in unit.html and testsDOH/base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliv...

6.1CVSS5.3AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2018/09/06 5:29 p.m.24 views

CVE-2018-1000665

Dojo Dojo Objective Harness DOH version prior to version 1.14 contains a Cross Site Scripting XSS vulnerability in unit.html and testsDOH/base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliv...

6.1CVSS6.5AI score0.01286EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/09/06 5:0 p.m.23 views

CVE-2018-1000665

Dojo Dojo Objective Harness DOH version prior to version 1.14 contains a Cross Site Scripting XSS vulnerability in unit.html and testsDOH/base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliv...

7.3AI score0.01286EPSS
Exploits0References2
Kitploit
Kitploit
added 2018/07/22 2:30 p.m.13 views

Hindsight - Internet History Forensics For Google Chrome/Chromium

Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications with more to come!. Hindsight can parse a number of different types of web artifacts, including URLs, download...

7.2AI score
Exploits0References1
n0where
n0where
added 2017/08/25 5:47 p.m.13 views

Packet Trace Parser: Sniffer

Sniffer is a C program that parses and interprets captured Ethernet traffic containing IP datagrams UDP/TCP, and stores the captured payloads, email messages and HTTP cookies sent into files. General Supply any pcap file, produced by tcpdump, that contains a packet trace for the program to use as...

1.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/03/31 12:0 a.m.12 views

Cookie Set For Parent Domain

HTTP by itself is a stateless protocol. Therefore the server is unable to determine which requests are performed by which client, and which clients are authenticated or unauthenticated. The use of HTTP cookies within the headers, allows a web server to identify each individual client and can...

7.1AI score
Exploits0References1
ThreatPost
ThreatPost
added 2016/11/16 12:55 p.m.9 views

PoisonTap Steals Cookies, Drops Backdoors From Password Protected Computers

Even locked, password-protected computers are no rival for Samy Kamkar and his seemingly endless parade of gadgets. His latest, PoisonTap, is a $5 Raspberry Pi Zero device running Node.js that’s retrofitted to emulate an Ethernet device over USB. Assuming a victim has left their web browser open,...

0.6AI score
Exploits0References7
Exploit DB
Exploit DB
added 2016/06/17 12:0 a.m.28 views

op5 7.1.9 - Configuration Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'op5 v7.1.9 Configuration Command Execution', 'Description' = %q op5 an open source network monitoring software. The configurati...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/12/22 12:0 a.m.37 views

Scientific Linux Security Update : curl on SL7.x x86_64 (20151119)

It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issu...

5CVSS7.3AI score0.17942EPSS
Exploits0References6
Hacker One
Hacker One
added 2015/08/20 2:42 p.m.25 views

ownCloud: apps.owncloud.com: Session Cookie in URL can be captured by hackers

Session Cookie in URL URL: https://apps.owncloud.com/stories/feed+rss Issue detail The URL in the request appears to contain a PHP Session token within the query string: https://apps.owncloud.com/stories/feed+rss?id=42590&PHPSESSID=ee0624300266683a4625aabea344212a Issue background Sensitive...

Exploits0
OpenVAS
OpenVAS
added 2015/07/23 12:0 a.m.37 views

RedHat Update for curl RHSA-2015:1254-02

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS9.9AI score0.17942EPSS
Exploits0References2
OSV
OSV
added 2015/05/03 12:19 a.m.8 views

MGASA-2015-0179 Updated curl packages fix security vulnerabilities

Updated curl packages fix security vulnerabilities: NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user CVE-2015-3143. When parsing HTTP cookies, if the parsed...

7.5CVSS9.5AI score0.3763EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2015/04/23 12:0 a.m.41 views

Debian DSA-3232-1 : curl - security update

Several vulnerabilities were discovered in cURL, an URL transfer library : - CVE-2015-3143 NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. This is similar to...

9CVSS7.6AI score0.3763EPSS
Exploits0References10
myhack58
myhack58
added 2015/04/21 12:0 a.m.14 views

Safari browser cookie access vulnerability affects billions of Apple products-vulnerability warning-the black bar safety net

Present in the Safari browser in a cookie access Vulnerability, CVE-2 0 1 5-1 1 2 6 may affect billions of Apple products, if you are using Safari, be sure to as soon as possible to detect whether it is affected by the vulnerability, if affected Please as soon as possible repair. FreeBuf science:...

6.5AI score
Exploits0
Packet Storm
Packet Storm
added 2015/04/12 12:0 a.m.33 views

Safari Cross-Domain Hijacking

OVERVIEW ========== The 4/8/2015 security updates from Apple included a patch for a Safari cross-domain vulnerability. An attacker could create web content which, when viewed by a target user, bypasses some of the normal cross-domain restrictions to access or modify HTTP cookies belonging to any...

0.2AI score
Exploits0
Rows per page
Query Builder