CVE-2008-3662
Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3662
CVE-2008-3662 affects Gallery before 1.5.9 and 2.x before 2.2.6. Root cause: session cookies are not marked Secure in HTTPS sessions, allowing cookies to be sent over HTTP and potentially captured by remote attackers. Impact: information disclosure of the session cookie. Remediation: upgrade to G...
Design/Logic Flaw
Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
FreeBSD Security Advisory (FreeBSD-SA-04:16.fetch.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-04:16.fetch.asc. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
SECOBJADV-2008-03.2: PartyGaming PartyPoker Malicious Update Vulnerability
Security Objectives Advisory SECOBJADV-2008-03.2: PartyGaming PartyPoker Malicious Update Vulnerability...
Yet another wretched trick: Surf Jacking - vulnerability warning - the black bar safety net
Author: thorn. This technique was published today by EnableSecurity. The prerequisite is being able to intercept traffic: specifically, being able to monitor the upstream traffic and modify the downstream traffic, by means such as ARP spoofing, DNS spoofing, wireless monitoring or the like. Some people might say, ca...
fc_sql.txt
Title : Facility Composer Website SQL Injection Description : The Facility Composer Website at ff.cecer.army.mil/fc/ suffers from an SQL Injection vulnerability. Author : Tosser E-mail : [email protected] Proof : Go to https://ff.cecer.army.mil/fc/login.jsp and type something like ' or 'x'='x in t...
CVE-2008-3171
CVE-2008-3171 concerns Apple Safari leaking Referer headers that contain https URLs to other https sites. The description indicates this can let remote attackers obtain potentially sensitive information by reading Referer log data. Affected software is Safari; the root cause is the inclusion of h...
CVE-2008-3171
Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data...
CVE-2003-1561
Technical details about CVE-2003-1561 are not publicly provided in the supplied documents; no patched versions, affected products, or impact specifics are included. Monitor for updates.
CVE-2003-1560
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data...
Opera < 9.51 Multiple Vulnerabilities
The version of Opera installed on the remote host reportedly is affected by several issues:
- Specially crafted HTML canvas elements could reveal data from random areas of memory.
- An unspecified arbitrary code execution vulnerability.
- Improperly set security status when navigating from HTTP ...
Design/Logic Flaw
CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP...
CVE-2008-2558
CRE Loaded 6.2.13.1 and earlier does not set the "Secure" attribute for cookies that are sent over HTTPS, which might allow remote attackers to sniff the cookies if they are sent over HTTP...
CVE-2008-2558
CVE-2008-2558 affects CRE Loaded 6.2.13.1 and earlier. The issue is that cookies sent over HTTPS do not set the Secure attribute, potentially allowing cookie sniffing if transmitted over HTTP. Affected software: CRE Loaded 6.2.13.1 and earlier. Underlying cause: lack of Secure flag on HTTPS cooki...
Cisco PIX / ASA multiple security vulnerabilities
TCP ACKs DoS, TLS DoS, instant messenger DoS, HTTPS request parsing DoS, Control-plane ACLs feature bypass...
Novell eDirectory unauthenticated access to SOAP interface
Affected software: Editor: Novell; Name: eDirectory; Version: 8.7.x (see note) and 8.8.2; Services: TCP/8028 (HTTP) and TCP/8030 (HTTPS). External references: http://www.novell.com/support/viewContent.do?externalId=3866911&sliceId=1 https://vulners.com/cve/CVE-2008-0926. Technical details: A SO...
Novell eDirectory DoS via HTTP headers
Affected software: Editor: Novell; Name: eDirectory; Version: 8.7.3 SP 10 and 8.8.2; Services: TCP/8028 (HTTP) and TCP/8030 (HTTPS). External references: http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1 https://vulners.com/cve/CVE-2008-0927. Technical details: The...
novelledir-dos.txt
Affected software: Editor: Novell; Name: eDirectory; Version: 8.7.3 SP 10 and 8.8.2; Services: TCP/8028 (HTTP) and TCP/8030 (HTTPS). External references: http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0927 ...