Lucene search

7585 matches found

Atlassian
added 2007/09/06 6:57 p.m. | 21 views

Option to disable "secure" cookie when using HTTPS just for login page

Confluence's "remember me" tickbox doesn't work if the login page is secure, but the rest of the application is unsecured. Seraph's CookieUtils.setCookie method creates a secure cookie (ref: http://www.apps.ietf.org/rfc/rfc2965.htmlpage-7) if the request had a secure URL, and this cookie isn't sent b...

AI score: 0.2
Exploits: 0 | Affected Software: 1

Atlassian
added 2007/09/06 6:57 p.m. | 18 views

Option to disable "secure" cookie when using HTTPS just for login page

Confluence's "remember me" tickbox doesn't work if the login page is secure, but the rest of the application is unsecured. Seraph's CookieUtils.setCookie method creates a secure cookie (ref: http://www.apps.ietf.org/rfc/rfc2965.htmlpage-7) if the request had a secure URL, and this cookie isn't sent b...

AI score: 0.2
Exploits: 0 | Affected Software: 1

securityvulns
added 2007/07/19 12:0 a.m. | 53 views

iDefense Security Advisory 07.17.07: IBM Tivoli Provisioning Manager for OS Deployment TFTP Blocksize DoS Vulnerability

IBM Tivoli Provisioning Manager for OS Deployment TFTP Blocksize DoS Vulnerability iDefense Security Advisory 07.17.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 17, 2007 I. BACKGROUND IBM Corp.'s Tivoli Provisioning Manager for OS Deployment is a network boot server that...

CVSS: 5 | AI score: 0.2 | EPSS: 0.03345
Exploits: 1

CERT
added 2007/07/09 12:0 a.m. | 24 views

SAP Message Server heap buffer overflow

Overview The SAP Message Server contains a flaw that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description The SAP Message Server is used to exchange and regulate messages between servers in a SAP network. A heap-based buffer...

CVSS: 10 | AI score: 7.7 | EPSS: 0.66108
Exploits: 1 | References: 6

securityvulns
added 2007/07/05 12:0 a.m. | 38 views

Internet Communication Manager Denial Of Service Attack

======= Summary ======= Name: Internet Communication Manager Denial Of Service Attack Release Date: 5 July 2007 Reference: NGS00484 Discover: Mark Litchfield [email protected] Vendor: SAP Vendor Reference: SECRES-287 Systems Affected: Confirmed on Windows unconfirmed on NIX Risk: High Status:...

AI score: 6.8
Exploits: 0

securityvulns
added 2007/06/13 12:0 a.m. | 66 views

[Full-disclosure] Windows Oday release

dear all SChannel Off-By-One Heap Corruption =================================== Discovery Date: 28th August 2006 Date reported to Microsoft: 19th March 2007 Summary: The Secure Channel SChannel library on WinXP-SP1/SP2 is vulnerable to an off-by-one heap buffer overwrite. The SChannel library...

Exploits: 0

securityvulns
added 2007/05/25 12:0 a.m. | 31 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets Advisory ID: cisco-sa-20070522-SSL http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml Revision 1.0 For Public Release 2007 May 22 1300 UTC GMT -...

Exploits: 0

F5 Networks
added 2007/05/16 12:0 a.m. | 35 views

SOL5534 - Apache mod_proxy message format vulnerability - CAN-2004-0700

Vulnerability description Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled...

CVSS: 7.5 | AI score: 3.4 | EPSS: 0.31698
Exploits: 0

Packet Storm
added 2007/04/17 12:0 a.m. | 19 views

garennes-rfi.txt

Garennes 0.6.1 = Remote File Include Vulnerabilities D.Script: https://adullact.net/frs/download.php/672/garennes-easyphp-0.6.1.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc Exploit:Path/cpe/index.php?repertoireconfig=Shell Exploit:Path/direction/index.php?repertoireconfig=She...

AI score: 7.4
Exploits: 0

ATTACKERKB
added 2007/04/11 10:19 a.m. | 1 views

CVE-2007-1970

Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks...

CVSS: 5 | AI score: 5.6 | EPSS: 0.00346
Exploits: 0 | References: 3

UbuntuCve
added 2007/04/11 10:19 a.m. | 23 views

CVE-2007-1970

Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks...

CVSS: 5 | AI score: 6 | EPSS: 0.00346
Exploits: 0 | References: 1

NVD
added 2007/04/11 10:19 a.m. | 12 views

CVE-2007-1970

Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks...

CVSS: 5 | AI score: 6.7 | EPSS: 0.00346
Exploits: 0 | References: 2

Prion
added 2007/04/11 10:19 a.m. | 16 views

Code injection

Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks...

CVSS: 5 | AI score: 6.9 | EPSS: 0.00346
Exploits: 0 | References: 2

CVE
added 2007/04/11 10:0 a.m. | 56 views

CVE-2007-1970

CVE-2007-1970 involves Mozilla Firefox where dynamic HTTP elements created on HTTPS pages via a delayed document.write can mislead users and enable phishing content to be served from unauthenticated sources. The vulnerability is described with a moderate base score (CVSS v2.0 base 5.0) and relate...

CVSS: 5 | AI score: 6.7 | EPSS: 0.00346
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2007/04/11 10:0 a.m. | 18 views

CVE-2007-1970

Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks...

AI score: 6.7 | EPSS: 0.00346
Exploits: 0 | References: 2

myhack58
added 2007/04/11 12:0 a.m. | 20 views

Looked at the foreign cattle people how to tap Microsoft vulnerability-vulnerability warning-the black bar safety net

Ghost boy note: contains a w3wp-dos.c and a PDF document. I also added a download mirror to prevent the official link failure. Information source: 混世魔王 blog w3wp remote DoS due to improper reference of STA COM components in ASP.NET asp.net COM DOS EXP research Cattle below download address. And...

AI score: 7.6
Exploits: 0

seebug.org
added 2007/03/12 12:0 a.m. | 24 views

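Multiple Cisco Firewall Products Remote Denial-of-Service Vulnerabilities

Cisco PIX/ASA and the Firewall Services Module (FWSM) provide firewall services capable of stateful packet filtering and deep packet inspection. Multiple security vulnerabilities exist in Cisco PIX 500 Series Security Appliances and Cisco ASA 5500 Series Adaptive Security Appliances: Enhanced inspection of malformed HTTP traffic +----------------------------------------------- If enhanced HTTP inspection is enabled, Cisco PIX and ASA security appliances may crash when inspecting malformed HTTP requests. If HTTP application inspection is enabled, the configuration will contain something similar to inspect http appfw...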

AI score: 7.1
Exploits: 0

Prion
added 2007/02/16 12:28 a.m. | 7 views

Cross site request forgery (csrf)

Cisco FWSM 3.x before 3.13.18, when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service device reboot via a malformed HTTPS request...

CVSS: 5.4 | AI score: 7.4 | EPSS: 0.00845
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2007/02/16 12:28 a.m. | 14 views

Code injection

Cisco Firewall Services Module FWSM 3.x before 3.13.11, when the HTTPS server is enabled, allows remote attackers to cause a denial of service device reboot via certain HTTPS traffic...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.01602
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2007/02/16 12:28 a.m. | 10 views

CVE-2007-0964

Cisco FWSM 3.x before 3.13.18, when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service device reboot via a malformed HTTPS request...

CVSS: 5.4 | AI score: 6.9 | EPSS: 0.00845
Exploits: 0 | References: 4