64 matches found
Mozilla Thunderbird < 31.4 Multiple Vulnerabilities (Mac OS X)
The version of Thunderbird installed on the remote Mac OS X host is prior to 31.4. It is, therefore, affected by the following vulnerabilities: - Multiple unspecified memory safety issues exist within the browser engine. CVE-2014-8634, CVE-2014-8635 - A flaw exists in 'navigator.sendBeacon' in...
SeaMonkey < 2.32 Vulnerability
The version of SeaMonkey installed on the remote host is prior to 2.32. It is, therefore, affected by the following vulnerabilities: - Multiple unspecified memory safety issues exist within the browser engine. CVE-2014-8634, CVE-2014-8635 - A flaw exists where DOM objects with some specific...
AssetMan 2.5-b - SQL Injection using Session Fixation Attack
No description provided by source.
Google Chrome < 31.0.1650.63 Multiple Vulnerabilities
Binary data 801613.prm...
Google Chrome < 31.0.1650.63 Multiple Vulnerabilities
Binary data 8063.pasl...
CVE-2013-2067
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a...
Cross Site Scripting - Documentation, Analysis & Techniques
Document Title: Cross Site Scripting - Documentation, Analysis & Techniques References: https://www.vulnerability-lab.com/resources/documents/198.pdf https://de.wikipedia.org/wiki/Cross-SiteScriptingWeblinks ; Release Date: 2011-07-19 Vulnerability Laborato...
[MajorSecurity Advisory #55] moziloCMS - Directory Traversal, Cross Site Scripting and Session Fixation Issues
MajorSecurity Advisory 55 moziloCMS - Directory Traversal, Cross Site Scripting and Session Fixation Issues Details: Product: moziloCMS Security-Risk: high Remote-Exploit: yes Vendor-URL: http://cms.mozilo.de/ Vendor-Status: informed Advisory-Status: published Credits: Discovere...
DSA-1711-1 typo3-src - remote code execution
Bulletin has no description...
About the security content of Security Update 2008-008 / Mac OS X v10.5.6
About the security content of Security Update 2008-008 / Mac OS X v10.5.6 Last Modified: December 15, 2008 Article: HT3338 Summary This document describes the security content of Security Update 2008-008 / Mac OS X v10.5.6, which can be downloaded and installed via Software Update preferences, or...
fresh email script 1.0 - Multiple Vulnerabilities
Fresh Email Script versions: 1.0 to 1.11 - all exploits: file inclusion & cookie manipulation founder: Don date:...
major_rls53.txt
MajorSecurity Advisory 53 BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues Details: Product: BLUEPAGE CMS Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.bluepage-cms.com/ Vendor-Status: informed Advisory-Status: published Credits: Discovered b...
Cross site scripting
Microsoft Internet Explorer allows web sites to set cookies for domains that have a public suffix with more than one dot character, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." NOTE: this issue may exist becaus...
CVE-2008-3172
CVE-2008-3172 affects the Opera browser. The issue arises because websites could set cookies for country-specific top-level domains that have DNS A records (examples include co.tv). This could enable remote attackers to perform a session fixation attack and hijack a user’s HTTP session. The avail...
CVE-2008-3170
Technical details about CVE-2008-3170 are not publicly available in the provided connected documents; monitor for updates.
[DRUPAL-SA-2006-003] Drupal 4.6.6 / 4.5.8 fixes session fixation issue
Drupal security advisory DRUPAL-SA-2006-003 Advisory ID: DRUPAL-SA-2006-003 Project: Drupal core Date: 2006-03-13 Security risk: less critical...
CVE-2004-0867
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected...
ACROS Security: Unsanitized Session ID Cookie Allows Modifying Server Response
=====BEGIN-ACROS-REPORT===== PUBLIC ACROS Security Problem Report 2004-10-14-3 ASPR 2004-10-14-3: Unsanitized Session ID Cookie Allows Modifying Serv...
RHEL 2.1 / 3 : kdelibs, kdebase (RHSA-2004:412)
Updated kdelibs and kdebase packages that resolve multiple security issues are now available. The kdelibs packages include libraries for the K Desktop Environment. The kdebase packages include core applications for the K Desktop Environment. Andrew Tuitt reported that versions of KDE up to and...