
7683 matches found

Cvelist
added 2014/09/10 10:0 a.m., 16 views

CVE-2014-0909

The Administration and Reporting Tool in IBM Rational License Key Server RLKS 8.1.4.x before 8.1.4.4 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

AI score 6.2 | EPSS 0.02072
Exploits 0 | References 4
Metasploit
added 2014/08/19 12:3 a.m., 93 views

GlassFish Brute Force Utility

This module attempts to login to GlassFish instance using username and password combinations indicated by the USERFILE, PASSFILE, and USERPASSFILE options. It will also try to do an authentication bypass against older versions of GlassFish. Note: by default, GlassFish 4.0 requires HTTPS, which...

CVSS 10 | AI score 7.6 | EPSS 0.60878
Exploits 6
NVD
added 2014/08/17 11:55 p.m., 17 views

CVE-2014-0905

IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 2.9 | AI score 6.3 | EPSS 0.00532
Exploits 0 | References 2
Prion
added 2014/08/17 11:55 p.m., 15 views

Session fixation

IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 2.9 | AI score 6.8 | EPSS 0.00532
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2014/08/17 11:0 p.m., 20 views

CVE-2014-0905

IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

AI score 6.3 | EPSS 0.00532
Exploits 0 | References 2
CVE
added 2014/08/17 11:0 p.m., 56 views

CVE-2014-0905

The vulnerability CVE-2014-0905 affects IBM InfoSphere BigInsights Console (Versions 2.0–2.1.2). The root cause is that the LTPA cookie does not set the Secure attribute in HTTPS sessions, allowing a man‑in‑the‑middle to intercept potentially sensitive cookies transmitted over non-HTTPS (insecure)...

CVSS 2.9 | AI score 6.5 | EPSS 0.00532
Exploits 0 | References 2 | Affected Software 1
Kitploit
added 2014/08/14 1:3 a.m., 14 views

Tor Browser 3.6.4 and 4.0-alpha-1 are released

The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical...

AI score 7.1
Exploits 0
Tenable Nessus
added 2014/08/12 12:0 a.m., 35 views

FreeBSD : subversion -- several vulnerabilities (83a418cc-2182-11e4-802c-20cf30e32f6d)

Subversion Project reports: Using the Serf RA layer of Subversion for HTTPS uses the apr_fnmatch API to handle matching wildcards in certificate Common Names and Subject Alternate Names. However, apr_fnmatch is not designed for this purpose. Instead it is designed to behave like common shell...

CVSS 4 | AI score 7.4 | EPSS 0.07495
Exploits 0 | References 5
ThreatPost
added 2014/08/11 9:49 a.m., 9 views

Google Moves to Boost Search Ranking For HTTPS Sites

In the last couple of years, Google has been making a series of changes to its Web infrastructure to employ encryption more widely and help defeat active attackers. Much of this has gone on in the background, with the company securing the links between its data centers and making other...

AI score 6.7
Exploits 0 | References 3
NVD
added 2014/08/07 11:13 a.m., 16 views

CVE-2014-3853

Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5 | AI score 6.5 | EPSS 0.01296
Exploits 1 | References 2
CVE
added 2014/08/07 10:0 a.m., 39 views

CVE-2014-3853

CVE-2014-3853 concerns Pyplate 0.08, where the id cookie is not marked as Secure in HTTPS sessions. This can allow remote attackers to capture the cookie by intercepting its transmission in an HTTP (non-HTTPS) session, potentially enabling session-related abuse. The provided documents identify th...

CVSS 5 | AI score 6.7 | EPSS 0.01296
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2014/08/07 10:0 a.m., 22 views

CVE-2014-3853

Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

AI score 6.5 | EPSS 0.01296
Exploits 1 | References 2
FreeBSD
added 2014/08/06 12:0 a.m., 39 views

subversion -- several vulnerabilities

Subversion Project reports: Using the Serf RA layer of Subversion for HTTPS uses the apr_fnmatch API to handle matching wildcards in certificate Common Names and Subject Alternate Names. However, apr_fnmatch is not designed for this purpose. Instead it is designed to behave like common shell...

CVSS 4 | AI score 8.3 | EPSS 0.07495
Exploits 0 | References 2
NVD
added 2014/07/30 2:55 p.m., 11 views

CVE-2014-2356

Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request...

CVSS 5 | AI score 6.3 | EPSS 0.03376
Exploits 0 | References 2
Prion
added 2014/07/30 2:55 p.m., 15 views

Cross site request forgery (csrf)

Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request...

CVSS 5 | AI score 6.8 | EPSS 0.03376
Exploits 0 | References 1 | Affected Software 1
ThreatPost
added 2014/07/30 2:3 p.m., 19 views

Poor Crypto on Instagram Mobile Apps Allow Man-in-the-Middle

Two unrelated researchers this week disclosed a similar session hijack bug in the Instagram mobile applications for Android and iOS. Facebook has reportedly acknowledged the problem, which arose from a failure to fully encrypt all data traffic on the service, but the world’s largest social networ...

AI score 6.5
Exploits 0 | References 3
CVE
added 2014/07/30 2:0 p.m., 59 views

CVE-2014-2356

CVE-2014-2356 affects Innominate mGuard devices. Affected firmware prior to 7.6.4 and 8.x before 8.0.3 allows remote attackers to download configuration snapshots via a crafted HTTPS request without authentication, enabling unauthorized information disclosure (network exposure). The ICS-CERT advis...

CVSS 5 | AI score 6.5 | EPSS 0.03376
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2014/07/30 2:0 p.m., 17 views

CVE-2014-2356 Innominate mGuard Exposure of Sensitive Information to an Unauthorized Actor

Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request...

CVSS 4.3 | AI score 6.3 | EPSS 0.03376
Exploits 0 | References 1
Kitploit
added 2014/07/30 4:4 a.m., 20 views

Tor Browser 3.6.3 - Use Tor on Windows, Mac OS X, or Linux without needing to install any software

The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical...

AI score 7.1
Exploits 0
The Hacker News
added 2014/07/30 1:31 a.m., 168 views

Instasheep — Instagram Account Hacking Tool Released

Two days ago, we reported at The Hacker News about a critical issue in the most popular image and video sharing service, Instagram app for mobiles, that allows an attacker to hijack users’ account and successfully access private photos, delete victim's photos, edit comments and also post new...

AI score 6.6
Exploits 0