
805 matches found

NVD
added 2009/04/03 6:30 p.m. | 8 views

CVE-2008-6599

cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."...

CVSS 5 | AI score 6.6 | EPSS 0.00294
Exploits: 1 | References: 4

Prion
added 2009/04/03 6:30 p.m. | 19 views

Design/Logic Flaw

cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."...

CVSS 5 | AI score 7.1 | EPSS 0.00294
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2009/04/03 6:0 p.m. | 11 views

CVE-2008-6599

cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."...

AI score 6.6 | EPSS 0.00294
Exploits: 1 | References: 4

CVE
added 2009/04/03 6:0 p.m. | 35 views

CVE-2008-6599

CookieCheck 1.0 (cookiecheck.php) stores tmp/cc_sessions under the web root with insufficient access control, enabling an attacker to fetch session data via a direct request to the default session save path. Affected component: CookieCheck 1.0; vulnerability arises from insecure session data stor...

CVSS 5 | AI score 6.8 | EPSS 0.00294
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2009/04/01 10:30 a.m. | 3 views

DEBIAN-CVE-2009-1214

GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information...

CVSS 4.9 | AI score 6.5 | EPSS 0.00084
Exploits: 0 | References: 1

OpenVAS
added 2009/03/23 12:0 a.m. | 21 views

Ubuntu: Security Advisory (USN-576-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 | AI score 6.7 | EPSS 0.38662
Exploits: 6 | References: 2

OpenVAS
added 2009/03/06 12:0 a.m. | 21 views

RedHat Update for thunderbird RHSA-2008:0105-01

Check for the Version of thunderbird OpenVAS Vulnerability Test RedHat Update for thunderbird RHSA-2008:0105-01 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

CVSS 9.3 | AI score 0.1 | EPSS 0.38662
Exploits: 3 | References: 2

OpenVAS
added 2009/02/27 12:0 a.m. | 32 views

CentOS Update for firefox CESA-2008:0103 centos4 x86_64

Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2008:0103 centos4 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVSS 9.3 | AI score 0.1 | EPSS 0.38662
Exploits: 3 | References: 2

OpenVAS
added 2009/02/27 12:0 a.m. | 27 views

CentOS Update for firefox CESA-2008:0103 centos4 x86_64

Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2008:0103 centos4 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVSS 9.3 | AI score 0.1 | EPSS 0.38662
Exploits: 3 | References: 2

OpenVAS
added 2009/02/27 12:0 a.m. | 28 views

CentOS Update for firefox CESA-2008:0103 centos3 x86_64

Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2008:0103 centos3 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVSS 9.3 | AI score 0.1 | EPSS 0.38662
Exploits: 3 | References: 2

OpenVAS
added 2009/02/27 12:0 a.m. | 29 views

CentOS Update for firefox CESA-2008:0103 centos3 i386

Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2008:0103 centos3 i386 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVSS 9.3 | AI score 0.1 | EPSS 0.38662
Exploits: 3 | References: 2

RedHat Linux
added 2009/01/07 10:27 a.m. | 1 views

Firefox XSS vulnerabilities in SessionStore

Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown...

CVSS 4.3 | AI score 5.7 | EPSS 0.01096
Exploits: 0 | References: 4

NVD
added 2009/01/02 6:11 p.m. | 12 views

CVE-2008-5810

WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to 1...

CVSS 10 | AI score 7.8 | EPSS 0.03704
Exploits: 0 | References: 9

Opera Security Advisories
added 2008/12/16 12:0 a.m. | 9 views

Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting

Pages displayed inside an iframe will inherit the character encoding of the parent page, unless they specify their own character encoding. A malicious page that uses the UTF-7 character encoding can include other sites, for example inside iframes. This can be exploited to perform cross-site scripting...

AI score 2.4
Exploits: 0 | Affected Software: 1

securityvulns
added 2008/07/09 12:0 a.m. | 82 views

Microsoft Security Bulletin MS08-039 – Important Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)

Microsoft Security Bulletin MS08-039 – Important Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) Published: July 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in...

CVSS 4.3 | EPSS 0.24335
Exploits: 2

Japan Vulnerability Notes
added 2008/05/20 3:0 p.m. | 1 views

Cosminexus Component Container Session Handling Vulnerability

Overview The session failover function in Cosminexus Component Container may fail to handle session information properly and allow one user's session data to be used as another user's session data. Impact A remote attacker could gain unauthorized access to other users' session and obtain sensitiv...

CVSS 4.9 | AI score 6.6 | EPSS 0.00404
Exploits: 0 | References: 7

Tenable Nessus
added 2008/04/28 12:0 a.m. | 35 views

Debian DSA-1557-1 : phpmyadmin - insufficient input sanitising

Several remote vulnerabilities have been discovered in phpMyAdmin, an application to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-1924 Attackers with CREATE table permissions were allowed to read arbitrary files...

CVSS 5.5 | AI score 6.1 | EPSS 0.0093
Exploits: 0 | References: 7

Tenable Nessus
added 2008/04/04 12:0 a.m. | 40 views

Fedora 7 : phpMyAdmin-2.11.5.1-1.fc7 (2008-2874)

This update addresses PMASA-2008-2 / CVE-2008-1567: phpMyAdmin upstream received an advisory from Jim Hermann: It saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host...

CVSS 5.5 | AI score 5.6 | EPSS 0.0004
Exploits: 0 | References: 4

phpMyAdmin
added 2008/03/29 12:0 a.m. | 34 views

Credentials disclosure on shared hosts via session data

PMASA-2008-2 Announcement-ID: PMASA-2008-2 Date: 2008-03-29 Summary Credentials disclosure on shared hosts via session data Description We received an advisory from Jim Hermann, and we wish to thank him for his work. phpMyAdmin saves sensitive information like the MySQL username and password and...

CVSS 5.5 | AI score 6 | EPSS 0.0004
Exploits: 0 | Affected Software: 1

Cent OS
added 2008/02/08 7:4 p.m. | 77 views

seamonkey security update

CentOS Errata and Security Advisory CESA-2008:0104 Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open...

CVSS 9.3 | AI score 7.5 | EPSS 0.38662
Exploits: 6 | References: 9