Session fixation (CVE-2015-2025)
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
HTTPS Available as Opt-In for Blogspot
Google said on Wednesday it has made HTTPS available as an opt-in for its Blogspot publishing service. Google and other technology providers have been ramping up encryption rollouts in the two years since the publication of the Snowden documents began. To date, Google has encrypted Gmail, search,...
Heartbleed Vulnerability Scanner - Network Scanner for OpenSSL Memory Leak (CVE-2014-0160)
Heartbleed Vulnerability Scanner is a multiprotocol (HTTP, IMAP, SMTP, POP) CVE-2014-0160 scanning and automatic exploitation tool written in Python. For scanning wide ranges automatically, you can provide a network range in CIDR notation and an output file to dump the memory of vulnerable system...
Apple Mac OS X Gatekeeper Bypass
Gatekeeper is Mac OS X’s guardian against rogue applications and malware sneaking into Apple’s famous walled garden. It’s also been a favorite target of researchers and advanced attackers desperate to gain control of Apple devices. Tomorrow at Virus Bulletin in Prague, researcher Patrick Wardle,...
Gentoo Security Advisory GLSA 201507-16
Gentoo Linux Local Security Checks GLSA 201507-16. SPDX-FileCopyrightText: 2015 Eero Volotinen. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later...
bank.lv XSS vulnerability
Vulnerable URL:...
New vulnerability: the use of a browser Cookie to bypass HTTPS and steal private information-bug warning-the black bar safety net
Recently, a serious vulnerability was found in the way major browsers handle Web cookies; it leaves HTTPS secure browsing mode vulnerable to MiTM attacks. In addition, most Web sites and popular open-source applications may contain Cookie injection vulnerabilities, including: Googl...
avogel.co.uk XSS vulnerability
Vulnerable URL: http://www.avogel.co.uk/search-results/?cx=003720732158027679253:hh4kmmwovbi=FORID:9=UTF-8=" Details: Patched: Yes, at 25.07.2017; Latest check for patch: 25.07.2017 17:44 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank...
DHS Alerts to Continuing Browser Cookie Vulnerabilities
In case you didn’t know or need a reminder, browser cookies aren’t exactly impervious to attack. The DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University this week dropped an alert that warns users about the continued prevalence of a class of cookie vulnerabilities...
reitmans.com XSS vulnerability
Vulnerable URL: http://www.reitmans.com/on/demandware.store/Sites-AdditionelleCA-Site/default/Resources-Load?x"x=1 Details: Patched: Yes, at 23.11.2017; Latest check for patch: 23.11.2017 08:13 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alex...
Exploiting Browser Cookies to Bypass HTTPS and Steal Private Information
A newly discovered critical flaw in the implementation of web cookies by major browsers could open secured HTTPS browsing to man-in-the-middle attacks. The US Computer Emergency Response Team (CERT) has revealed that all the main browser vendors have improperly implemented the RFC 6265 standard, al...
its-auto.ru Open Redirect vulnerability
Vulnerable URL: http://www.its-auto.ru/bitrix/rk.php?goto=https://xssposed.org Details: Patched: Yes, at 15.10.2015; Latest check for patch: 15.10.2015 01:35 GMT; Vulnerability type: Open Redirect; Vulnerability status: Publicly disclosed; Alexa Rank: 1016024; Google...
bwt.fr XSS vulnerability
Vulnerable URL: http://www.bwt.fr/fr/Pages/search.aspx?k=%22%3E%3Cscript%3Ealert%28%27XSSPOSED%27%29;%3C/script%3E Details: Patched: No; Latest check for patch: 25.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 1509776; Google...
Cookies set via HTTP requests may be used to bypass HTTPS and reveal private information
Overview: RFC 6265 (previously RFC 2965) established HTTP State Management, also known as "cookies". In most web browser implementations of RFC 6265, cookies set via HTTP requests may allow a remote attacker to bypass HTTPS and reveal private session information. Description: HTTP cookies have long...
ElasticSearch 1.7.2 Cloud-Azure Insecure Transit Vulnerability
The connection string for the ELK cloud-azure plugin contains a hardcoded http URL with no encryption or certificate validation, so it is prone to sniffing and MiTM attacks. A potential attacker with the required access to the network traffic would be able to intercept the content of t...
CVE-2015-6828
This CVE concerns the WordPress SecureMoz Security Audit plugin.
Let's Encrypt Project issues its First Free SSL/TLS Certificate
Last fall the non-profit foundation EFF (Electronic Frontier Foundation) launched an initiative called Let's Encrypt that aimed at providing free digital cryptographic (TLS) certificates to any website that needs them. Today, Let's Encrypt – a free, automated, open-source Certificate Authority (CA) – has...
ecdl.org XSS vulnerability
Vulnerable URL: http://www.ecdl.org/sitesearch.jsp?searchterm=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Patched: Yes, at 25.07.2017; Latest check for patch: 25.07.2017 17:23 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank...
Let's Encrypt Issues First Cert
Let’s Encrypt, a movement to issue free and automated HTTPS certificates, today hit a major milestone when its first cert went live. The desire to encrypt web-based services has accelerated projects such as Let’s Encrypt, which was announced last November, and promised by the close of this summer...