Facebook Kills Firesheep With New Secure Browsing Feature

Facing a wave of criticism for not offering a secured browsing option, Facebook has finally added a new feature to browse the popular social network on a secure connection https. However, the https:// browsing is not turned on by default and must be manually activated from an “Account Settings”...

Facebook Used Social Authentication To Shield Tunisian Protesters

Faced with the Tunisian government’s efforts to hack the Facebook accounts of protesters, Facebook’s security team stepped up its use of social authentication to help secure protester’s accounts. A new account of the role of the Facebook in aiding widespread protests against the regime in Tunisia...

Hastymail2 < RC8 Security Bypass Vulnerability

Hastymail2 is prone to a security bypass vulnerability. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...

CVE-2009-5051

Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

Session fixation

Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVE-2009-5051

Hastymail2 pre-RC8 is vulnerable: in HTTPS sessions the session cookie is not marked Secure, enabling potential interception of the cookie in transit. The OpenVAS entries describe a session-cookie security bypass; no concrete exploit details or patch/version fixes are provided in the supplied doc...

CVE-2009-5051

Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Database 11g. Authentication is not required to exploit this vulnerability. The specific flaw exists within a JSP script exposed via an HTTPS server running by default on TCP port 1158. The...

CVE-2011-0400

Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

Session fixation

Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVE-2011-0400

Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

TYPO3 - Arbitrary File Retrieval

?php / TYPO3-SA-2010-022.php Exploit Title: TYPO3 Unauthenticated Arbitrary File Retrieval TYPO3-SA-2010-020, TYPO3-SA-2010-022 Date: 29/12/2010 Author: ikki Software Link: http://typo3.org/download/, http://sourceforge.net/projects/typo3/files/ Version: 4.2.15, 4.3.7 or 4.4.4 Tested on: php CVE ...

CVE-2010-4584

Opera before 11.00, when Opera Turbo is used, does not properly present information about problematic X.509 certificates on https web sites, which might make it easier for remote attackers to spoof trusted content via a crafted web site...

Code injection

Opera before 11.00, when Opera Turbo is used, does not properly present information about problematic X.509 certificates on https web sites, which might make it easier for remote attackers to spoof trusted content via a crafted web site...

CVE-2010-4584

Opera before 11.00, when Opera Turbo is used, does not properly present information about problematic X.509 certificates on https web sites, which might make it easier for remote attackers to spoof trusted content via a crafted web site...

CVE-2010-4584

Opera CVE-2010-4584 describes a vulnerability in Opera prior to version 11.00 where, when Opera Turbo is enabled, the browser does not properly present information about problematic X.509 certificates on HTTPS sites, potentially enabling remote attackers to spoof trusted content via a crafted sit...

Opera < 11 Multiple Vulnerabilities

The version of Opera installed on the remote host is earlier than 11.00. Such versions are potentially affected by the following issues : - An error exists such that web page content can be displayed over dialog boxes leading to security warning misrepresentation. 977, CVE-2010-4579 - An error...

MDVA-2010:238 : php

This is a maintenance update that upgrades php to 5.2.15 for CS4/MES5/2009.0. Key enhancements in PHP 5.2.15 include: Fixed bug 47643 arraydiff takes over 3000 times longer than php 5.2.4. Fixed bug 44248 RFC2616 transgression while HTTPS request through proxy with SoapClient object. Additional...

Fedora Update for openconnect FEDORA-2010-18055

Check for the Version of openconnect OpenVAS Vulnerability Test Fedora Update for openconnect FEDORA-2010-18055 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

Web Server Uses Basic Authentication over HTTPS

The remote web server contains web pages that are protected by 'Basic' authentication over HTTPS. While this is not in itself a security flaw, in some organizations, the use of 'Basic' authentication is discouraged as, depending on the underlying implementation, it may be vulnerable to account...