238 matches found
[SECURITY] Fedora 29 Update: libapreq2-2.13-38.fc29
libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...
[SECURITY] Fedora 30 Update: libapreq2-2.13-38.fc30
libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...
Google Chrome to Introduce Improved Cookie Controls Against Online Tracking
At the company's I/O 2019 developer conference, Google has announced its plan to introduce two new privacy and security-oriented features in the upcoming versions of its Chrome web browser. In an attempt to allow users to block online tracking, Google has announced two new features—Improved...
Future Proofing Your Content Security Perimeter with Enhanced Token Authentication
Background: Media Content Security Security in the media & entertainment industry means securing the entire content consumption path. For any OTT or streaming company that wants to serve or distribute its content to end users, has to protect and safeguard their content against an ever-evolving...
CVE-2018-1000665
Dojo Dojo Objective Harness DOH version prior to version 1.14 contains a Cross Site Scripting XSS vulnerability in unit.html and testsDOH/base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliv...
CVE-2018-1000665
Dojo Dojo Objective Harness DOH version prior to version 1.14 contains a Cross Site Scripting XSS vulnerability in unit.html and testsDOH/base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliv...
CVE-2018-1000665
Dojo Dojo Objective Harness DOH version prior to version 1.14 contains a Cross Site Scripting XSS vulnerability in unit.html and testsDOH/base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliv...
CVE-2018-1000665
Dojo Dojo Objective Harness DOH version prior to version 1.14 contains a Cross Site Scripting XSS vulnerability in unit.html and testsDOH/base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliv...
Hindsight - Internet History Forensics For Google Chrome/Chromium
Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications with more to come!. Hindsight can parse a number of different types of web artifacts, including URLs, download...
Packet Trace Parser: Sniffer
Sniffer is a C program that parses and interprets captured Ethernet traffic containing IP datagrams UDP/TCP, and stores the captured payloads, email messages and HTTP cookies sent into files. General Supply any pcap file, produced by tcpdump, that contains a packet trace for the program to use as...
Cookie Set For Parent Domain
HTTP by itself is a stateless protocol. Therefore the server is unable to determine which requests are performed by which client, and which clients are authenticated or unauthenticated. The use of HTTP cookies within the headers, allows a web server to identify each individual client and can...
PoisonTap Steals Cookies, Drops Backdoors From Password Protected Computers
Even locked, password-protected computers are no rival for Samy Kamkar and his seemingly endless parade of gadgets. His latest, PoisonTap, is a $5 Raspberry Pi Zero device running Node.js that’s retrofitted to emulate an Ethernet device over USB. Assuming a victim has left their web browser open,...
op5 7.1.9 - Configuration Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'op5 v7.1.9 Configuration Command Execution', 'Description' = %q op5 an open source network monitoring software. The configurati...
Scientific Linux Security Update : curl on SL7.x x86_64 (20151119)
It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issu...
ownCloud: apps.owncloud.com: Session Cookie in URL can be captured by hackers
Session Cookie in URL URL: https://apps.owncloud.com/stories/feed+rss Issue detail The URL in the request appears to contain a PHP Session token within the query string: https://apps.owncloud.com/stories/feed+rss?id=42590&PHPSESSID=ee0624300266683a4625aabea344212a Issue background Sensitive...
RedHat Update for curl RHSA-2015:1254-02
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2015-0179 Updated curl packages fix security vulnerabilities
Updated curl packages fix security vulnerabilities: NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user CVE-2015-3143. When parsing HTTP cookies, if the parsed...
Debian DSA-3232-1 : curl - security update
Several vulnerabilities were discovered in cURL, an URL transfer library : - CVE-2015-3143 NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. This is similar to...
Safari browser cookie access vulnerability affects billions of Apple products-vulnerability warning-the black bar safety net
Present in the Safari browser in a cookie access Vulnerability, CVE-2 0 1 5-1 1 2 6 may affect billions of Apple products, if you are using Safari, be sure to as soon as possible to detect whether it is affected by the vulnerability, if affected Please as soon as possible repair. FreeBuf science:...
Safari Cross-Domain Hijacking
OVERVIEW ========== The 4/8/2015 security updates from Apple included a patch for a Safari cross-domain vulnerability. An attacker could create web content which, when viewed by a target user, bypasses some of the normal cross-domain restrictions to access or modify HTTP cookies belonging to any...