7588 matches found
Design/Logic Flaw
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3663
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3663
CVE-2008-3663 summary (from provided docs): SquirrelMail prior to the patch release had a session cookie that was not marked Secure during HTTPS, potentially allowing cookie exposure to remote attackers via HTTP requests. The linked advisories reference SquirrelMail 1.4.15 and note that updates/p...
CVE-2008-3663
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3102
Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
Design/Logic Flaw
Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3102
Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3102
CVE-2008-3102 affects MantisBT: vulnerable in Mantis 1.1.x (up to 1.1.2) and 1.2.x (up to 1.2.0a2). Root cause: the session cookie is not marked Secure in HTTPS sessions, enabling potential cookie leakage. Impact stated in sources includes session hijacking through captured cookies; other CVEs in...
CVE-2008-3661
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3661
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
Design/Logic Flaw
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3661
Drupal, probably 5.10 and 6.4, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3662
Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3662
Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
CVE-2008-3662
CVE-2008-3662 affects Gallery before 1.5.9 and 2.x before 2.2.6. Root cause: session cookies are not marked Secure in HTTPS sessions, allowing cookies to be sent over HTTP and potentially captured by remote attackers. Impact: information disclosure of the session cookie. Remediation: upgrade to G...
Design/Logic Flaw
Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
FreeBSD Security Advisory (FreeBSD-SA-04:16.fetch.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-04:16.fetch.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
SECOBJADV-2008-03.2: PartyGaming PartyPoker Malicious Update Vulnerability
====================================================================== = Security Objectives Advisory SECOBJADV-2008-03.2 = ====================================================================== PartyGaming PartyPoker Malicious Update Vulnerability...
Yet another wretched trick: Surf Jacking-vulnerability warning-the black bar safety net
Author: thorn This technique is today EnableSecurityissue. The prerequisite is to be able tointercepted trafficit. Specifically, it can monitor the uplink traffic, you can modify the downstream flow. Method by the arp spoofing, DNS spoofing, wireless monitor or the like. Some people might say, ca...
fc_sql.txt
Title : Facility Composer Website SQL Injection Description : The Facility Composer Website at ff.cecer.army.mil/fc/ suffers from an SQL Injection vulnerability. Author : Tosser E-mail : [email protected] Proof : Go to https://ff.cecer.army.mil/fc/login.jsp and type something like ' or 'x'='x in t...