
3258 matches found

NVD
added 2014/10/20 10:55 a.m., 7 views

CVE-2014-7587

The Blocked in Free aka com.blueup.blocked application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4 CVSS | 5.9 AI score | 0.00134 EPSS
Exploits: 0 | References: 3

Hacker One
added 2014/10/14 11:37 p.m., 29 views

HackerOne: Ability to see common response titles of other teams (limited)

Hello guys, not sure what's happening exactly, but when I go to my team program dashboard, add a new Trigger, and then tamper with the request and change the JSON variable commonresponseid to, say, 24, then after the trigger gets added I see a title of ████████ which is not in my default team template nor added by...

0.1 AI score
Exploits: 0

ThreatPost
added 2014/10/14 1:57 p.m., 16 views

BlackBerry 10 Open to Bug That Allows Malicious App Installation

BlackBerry has patched a vulnerability in its BlackBerry 10 devices that could allow an attacker to intercept users’ traffic to and from the BlackBerry World app store and potentially install malware on a targeted device. The vulnerability is a weakness in the integrity checking system that...

3 AI score
Exploits: 0 | References: 1

myhack58
added 2014/10/13 12:00 a.m., 11 views

Digging into Shellshock ("broken shell") exploitation again, starting from DHCP - vulnerability warning - the black bar safety net

The Shellshock ("broken shell") vulnerability is far-reaching, but exploiting it does not seem so easy, so research into new ways of using it keeps appearing intermittently. It is well known that using the Shellshock vulnerability to attack Web applications has been a popular object of study, and by...

Exploits: 0

OSV
added 2014/10/10 1:55 a.m., 1 view

DEBIAN-CVE-2013-4488

libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers...

4.3 CVSS | 6.8 AI score | 0.0028 EPSS
Exploits: 0 | References: 1

rdot
added 2014/10/03 12:00 a.m., 492 views

People are ready to do "anything" for free WiFi

Specialists from F-Secure, the British institute for information security and the German company SySS conducted a joint study of how willing ordinary users are to connect to a free hotspot, even when that connection poses a potential danger. To test this,...

7.3 AI score
Exploits: 0

The Hacker News
added 2014/09/30 10:10 p.m., 9 views

FBI Arrested CEO of 'StealthGenie' for Selling Mobile Spyware Apps

The Federal Bureau of Investigation (FBI) has arrested the CEO of a UK-based company for allegedly advertising and selling a spyware app to individuals who suspect their romantic partners of cheating on them. The dodgy cell phone spyware application, dubbed StealthGenie, monitors victims’ phone...

6.8 AI score
Exploits: 0

Prion
added 2014/09/23 9:55 p.m., 16 views

Session fixation

The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an...

5 CVSS | 6.8 AI score | 0.00207 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2014/09/23 9:00 p.m., 53 views

CVE-2014-3103

The CVE-2014-3103 entry applies to IBM Rational ClearQuest Web. Affected: ClearQuest Web sessions using SSL where the session cookie lacks the Secure attribute, enabling potential interception of cookies transmitted over HTTP. Affected versions include 7.1.x (up to 7.1.2.15), 8.0.x (up to 8.0.0.1...

5 CVSS | 6.4 AI score | 0.00207 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

ThreatPost
added 2014/09/17 3:26 p.m., 8 views

Apple Launches iOS 8, Fixes Dozens of Security Flaws

Apple has released iOS 8, a massive update to its mobile operating system, that includes fixes for more than 40 security vulnerabilities. Apple is touting iOS 8 as the biggest update to the software since it launched the App Store, and, aside from the security fixes, there are hundreds of new...

8.1 AI score
Exploits: 0 | References: 1

Prion
added 2014/09/12 1:55 a.m., 17 views

Session fixation

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for...

5 CVSS | 6.7 AI score | 0.00225 EPSS
Exploits: 0 | References: 2 | Affected Software: 7

Cvelist
added 2014/09/12 1:00 a.m., 21 views

CVE-2014-3092

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for...

6.1 AI score | 0.00225 EPSS
Exploits: 0 | References: 2

myhack58
added 2014/09/01 12:00 a.m., 25 views

Lax QQ panel login authentication + ARP sniffing to log in without a password to others' QQ space, Weibo, etc. within the network - vulnerability warning - the black bar safety net

This can be said that there is no technical content, just saying an idea, first a simple demo. 1. Open burp, set up the browser proxy, and then under the QQ panel, QQ space fast landing, you can see the burp intercept; it is the intercept of this segment of the URL! 2. Put this URL copy the following down ...

1.1 AI score
Exploits: 0

NVD
added 2014/08/17 11:55 p.m., 16 views

CVE-2014-0905

IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

2.9 CVSS | 6.3 AI score | 0.0011 EPSS
Exploits: 0 | References: 2

CVE
added 2014/08/17 11:00 p.m., 53 views

CVE-2014-0905

The vulnerability CVE-2014-0905 affects IBM InfoSphere BigInsights Console (Versions 2.0–2.1.2). The root cause is that the LTPA cookie does not set the Secure attribute in HTTPS sessions, allowing a man‑in‑the‑middle to intercept potentially sensitive cookies transmitted over non-HTTP (insecure)...

2.9 CVSS | 6.5 AI score | 0.0011 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2014/08/17 11:00 p.m., 19 views

CVE-2014-0905

IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

6.3 AI score | 0.0011 EPSS
Exploits: 0 | References: 2

NVD
added 2014/08/07 11:13 a.m., 9 views

CVE-2014-3853

Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

5 CVSS | 6.5 AI score | 0.0025 EPSS
Exploits: 1 | References: 2

Prion
added 2014/08/07 11:13 a.m., 13 views

Session fixation

Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

5 CVSS | 7 AI score | 0.0025 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2014/08/07 10:00 a.m., 15 views

CVE-2014-3853

Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

6.5 AI score | 0.0025 EPSS
Exploits: 1 | References: 2

seebug.org
added 2014/07/09 12:00 a.m., 27 views

Dolibarr CMS 3.5.3 - Multiple Security Vulnerabilities

No description provided by source. Vulnerability Name: SQL injection Severity: Critical URL: http://localhost/dolibarr/user/fiche.php Affected Users: All authenticated users Issue details: The "entity" parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in th...

7.1 AI score
Exploits: 0