PYSEC-2014-115
The urlopen function in pym/portage/util/urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate...
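The urlopen entry above describes a client that speaks HTTPS but never validates the server's X.509 certificate, which is exactly what a man-in-the-middle needs. The Python 3 below is an added example written for this page, not Portage's code: it puts the unverified SSL context that reproduces that weak setting beside a context that validates the chain and hostname, and wraps the latter in a fetch helper that refuses plaintext URLs. The function names, the `cafile` parameter and any URL passed in are assumptions for illustration.

```python
import ssl
import urllib.request
from urllib.parse import urlparse


def insecure_context() -> ssl.SSLContext:
    """Weak setting: no chain validation and no hostname check. Any certificate,
    including one an attacker minted, is accepted. Do not use; shown for contrast."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context(cafile=None) -> ssl.SSLContext:
    """Corrected setting: system (or supplied) CA bundle, chain validation,
    hostname check, and no TLS versions older than 1.2."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_verified(ctx: ssl.SSLContext) -> bool:
    """True only if the context both validates the chain and checks the hostname."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def make_opener(ctx: ssl.SSLContext) -> urllib.request.OpenerDirector:
    """Opener whose HTTPS handler uses the given context for every connection."""
    return urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))


def fetch_package_list(url: str, cafile=None, timeout: int = 30) -> bytes:
    """Fetch a binary package list over HTTPS only, with full verification.
    (Hypothetical helper; the URL is whatever the caller configures.)"""
    if urlparse(url).scheme != "https":
        raise ValueError("refusing to fetch package list over a non-https URL")
    ctx = verified_context(cafile)
    assert context_is_verified(ctx)
    with make_opener(ctx).open(url, timeout=timeout) as resp:
        return resp.read()
```

On a Python 2.7.9+/3.4.3+ interpreter `urllib.request.urlopen` already verifies by default, so the practical check when auditing a client is whether anything downgrades the context (a `verify_mode = CERT_NONE`, `check_hostname = False`, or `_create_unverified_context()` call) or accepts a `http://` mirror silently; `context_is_verified` is the assertion to run against whatever context the code ends up using.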
CloudFlare Rolls Out Free SSL
In a move that will essentially double the number of SSL-protected sites on the Web in the space of 24 hours, CloudFlare on Monday said that it was enabling SSL for all of its more than two million customers for free. The new service is called Universal SSL, and the company is making it available...
CVE-2014-3103
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an...
CVE-2014-3103
The CVE-2014-3103 entry applies to IBM Rational ClearQuest Web. Affected: ClearQuest Web sessions over SSL in which the session cookie lacks the Secure attribute, so the browser also attaches it to plaintext http requests to the same host, where it can be intercepted. Affected versions are 7.1.x before 7.1.2.15, 8.0.0.x before 8.0.0.1...
High-Volume, High-Rate DDoS Attacks Persist
As expected, the numbers back up the continued proliferation of both high-volume and high-rate distributed denial of service attacks – like the ones executed via NTP amplification – over the last few months. NSFOCUS, a security firm that measures DDoS traffic, released its Mid-Year Threat Report...
Joomla Face Gallery 1.0 SQL Injection / File Download
Exploit Title : Joomla Face Gallery 1.0 Multiple Vulnerabilities
Exploit Author : Claudio Viviani
Vendor Homepage : https://www.apptha.com
Software Link : https://www.apptha.com/downloadable/download/sample/sampleid/150
Dork Google: inurl:option=com_facegallery
Date : 2014-09-17
Tested on : Window...
CVE-2014-4363
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element...
USN-2346-1: curl vulnerabilities
Tim Ruehsen discovered that curl incorrectly handled partial literal IP addresses. This could lead to the disclosure of cookies to the wrong site, and malicious sites being able to set cookies for others. CVE-2014-3613 Tim Ruehsen discovered that curl incorrectly allowed cookies to be set for Top...
cURL/libcURL cookie handling remote security bypass vulnerability (CVE-2014-3620) - vulnerability warning - the black bar safety net
Affected system: cURL 7.31.0 - 7.37.1. Description: BUGTRAQ ID: 69742; CVE(CAN) ID: CVE-2014-3620. cURL/libcURL is a command-line file transfer tool that supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. cURL/libcURL 7.31.0 - 7.37.1 wrongly allows a cookie to be set for a TLD...
SuSE 11.3 Security Update : kdelibs4 (SAT Patch Number 9676)
This update of the kdelibs4 KSSL interface makes it select a set of default ciphers that is recommended for current usage. This update is needed for Konqueror to restrict its cipher set when using https. (C) Tenable Network Security, Inc. The descriptive text and package checks ...
super-spar-reisen.de XSS vulnerability
Vulnerable URL: http://super-spar-reisen.de/reise-urlaub-tipps.php?START=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert%28String.fromCharCode%2888,%2083,%2083,%2080,%2079,%2083,%2069,%2068%29%29%3C/script%3E
Details:
Description | Value
---|---
Patched: | Yes, at 21.11.2017
Latest check for...
CVE-2014-3092
IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for...
SuSE 11.3 Security Update : libqt4 (SAT Patch Number 9683)
This update of the QT4 QSSL interface makes it select a set of default ciphers that is recommended for current usage. This update is needed for Konqueror to restrict its cipher set when using https. (C) Tenable Network Security, Inc. The descriptive text and package checks in th...
CVE-2014-0909
The Administration and Reporting Tool in IBM Rational License Key Server RLKS 8.1.4.x before 8.1.4.4 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
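CVE-2014-3103 (ClearQuest Web), CVE-2014-3092 (Jazz Team Server) and CVE-2014-0909 (Rational License Key Server) in this listing all describe the same defect: a session cookie issued over https without the Secure attribute, which the browser will then also attach to any plaintext http request for the same host, where a network attacker can read it. The Python below is an added example written for this page, not IBM's code: a small Set-Cookie parser, an audit that reports the missing attributes, and the browser rule that decides whether a cookie leaves over http. The sample headers are constructed for the example and were not captured from any of the products named.

```python
from dataclasses import dataclass


@dataclass
class Cookie:
    name: str
    value: str
    attrs: dict  # attribute name, lower-cased -> value ("" for flags such as Secure)


def parse_set_cookie(header: str) -> Cookie:
    """Minimal Set-Cookie parser: 'name=value; Attr=val; Flag; ...'."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return Cookie(name.strip(), value.strip(), attrs)


def audit_set_cookie(header: str, over_https: bool = True) -> list:
    """Findings for one Set-Cookie header. A cookie issued over https without
    Secure is the CVE class above; HttpOnly is the companion check."""
    c = parse_set_cookie(header)
    findings = []
    if over_https and "secure" not in c.attrs:
        findings.append("missing-secure")
    if "httponly" not in c.attrs:
        findings.append("missing-httponly")
    return findings


def audit_response(headers: list, over_https: bool = True) -> dict:
    """Map cookie name -> findings for every Set-Cookie header in a response."""
    return {parse_set_cookie(h).name: audit_set_cookie(h, over_https) for h in headers}


def would_be_sent(header: str, scheme: str) -> bool:
    """The browser rule that matters here: a cookie without Secure is attached
    to any request to the host, plaintext http included; with Secure it is
    only ever sent over https."""
    c = parse_set_cookie(header)
    if scheme == "https":
        return True
    return "secure" not in c.attrs


# Constructed sample headers (assumption: a Java-style session cookie under /cqweb).
VULNERABLE = "JSESSIONID=0000AbCdEf; Path=/cqweb; HttpOnly"
FIXED = "JSESSIONID=0000AbCdEf; Path=/cqweb; Secure; HttpOnly"
```

To reproduce the interception scenario from the advisories, point `would_be_sent` at the session cookie your target issues and ask about `"http"`: a `True` means any http link or image on the same host (or an attacker injecting one) makes the browser leak the session identifier in the clear, regardless of how the login itself was protected.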