9101 matches found
CVE-2014-0154
oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session IDs, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Design/Logic Flaw
oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session IDs, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
PT-2015-3597 · Ovirt · Ovirt Engine
Name of the Vulnerable Software and Affected Versions: oVirt Engine versions prior to 3.5.0
Description: The issue allows remote attackers to obtain potentially sensitive information via script access to session IDs due to the missing HTTPOnly flag in the Set-Cookie header.
Recommendations: For...
X.Org X Server 'xkb/xkb.c' Information Disclosure Vulnerability
Xorg X Server is one of the X Window System display servers available on multiple platforms. X.Org X Server 'xkb/xkb.c' fails to properly handle XkbSetGeometry requests, allowing an attacker to obtain potentially sensitive information...
ovirt-engine-webadmin: HttpOnly flag is not included when the session ID is set
It was found that the oVirt web admin interface did not include the HttpOnly flag when setting session IDs with the Set-Cookie header. This flaw could make it easier for a remote attacker to hijack an oVirt web admin session by leveraging a cross-site scripting (XSS) vulnerability...
SA-CONTRIB-2015-041 - Feature Set - Cross Site Request Forgery (CSRF)
Feature Set module enables you to enable or disable sets of features or modules. The module doesn't sufficiently protect some URLs against CSRF. A malicious user can cause an administrator to enable and disable modules by getting the administrator's browser to make a request to a specially-crafte...
openSUSE Security Update : vlc (openSUSE-SU-2015:0201-1)
vlc was updated to the current openSUSE Tumbleweed version. live555 was also updated to the current openSUSE Tumbleweed version as a dependency. Security issues fixed: - Fix various buffer overflows and NULL pointer dereferences (boo#914268, CVE-2014-9625). Other fixes: - Enable SSE2 instruction set...
(Mobile Pwn2Own) Apple Safari Set Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Set...
Solaris 10 (sparc) : 151672-03 (deprecated)
SunVTS 7.0: Patch Set 19 consolidation patch. Date this patch was last updated by Sun: May/14/15. This plugin has been deprecated and either replaced with individual 151672 patch-revision plugins, or deemed non-security related. (C) Tenable Network Security, Inc. ...
Mozilla Firefox ESR Multiple Vulnerabilities-01 (Jan 2015) - Mac OS X
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...
Mozilla Firefox ESR Multiple Vulnerabilities-01 (Jan 2015) - Windows
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...
Mozilla Thunderbird Multiple Vulnerabilities-01 (Jan 2015) - Mac OS X
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
Oracle Solaris Third-Party Patch Update : perl-512 (cve_2012_5195_heap_buffer)
The remote Solaris system is missing necessary patches to address security updates: - Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 5.15.5 allows context-dependent attackers to cause a denial of service...
Session fixation
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...
CVE-2014-8639
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...
UBUNTU-CVE-2014-8639
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...
Dell iDRAC IPMI 1.5 Insufficient Session ID Randomness
""" For testing purposes only. c Yong Chuan, Koh 2014 """ from time import sleep from socket import from struct import from random import import sys, os, argparse HOST = None PORT = 623 bufsize = 1024 recv = "" create socket UDPsock = socketAFINET,SOCKDGRAM UDPsock.settimeout2 data = 21 offset of...
Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...
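The two cookie-handling weaknesses listed above can both be checked mechanically. The following is an added example in Python, not code from oVirt, Mozilla, or any of the advisories on this page: `audit_set_cookie` flags a session cookie that is set without HttpOnly (the oVirt Engine issue, CVE-2014-0154) or without Secure, and `apply_response_cookies` shows the client-side policy behind MFSA 2015-04 / CVE-2014-8639, discarding Set-Cookie headers carried by a 407 Proxy Authentication Required response so that an HTTP proxy cannot plant a session ID for the origin site. The session-cookie name heuristic, the function names and the sample headers are all assumptions constructed for this example.

```python
"""Set-Cookie hygiene checks.

Added example (not oVirt, Mozilla or advisory code). Two checks:
  * attribute audit: session cookies must carry HttpOnly and Secure
  * status policy: cookies in a 407 proxy response are not the origin's
    and must be ignored (the behaviour MFSA 2015-04 introduced)
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Assumption: substrings that mark a cookie as carrying session state.
SESSION_NAME_HINTS = ("session", "sess", "sid", "auth", "token")


@dataclass
class Cookie:
    name: str
    value: str
    attrs: dict = field(default_factory=dict)  # attribute names lower-cased


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value.

    Valued attributes (Path=/x) keep their string; bare flags (HttpOnly,
    Secure) are stored as True so a missing flag is distinguishable.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: dict = {}
    for part in parts[1:]:
        if not part:
            continue
        key, has_eq, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_eq else True
    return Cookie(name.strip(), value.strip(), attrs)


def looks_like_session_cookie(name: str) -> bool:
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_NAME_HINTS)


def audit_set_cookie(header: str) -> list[str]:
    """Return findings for a session cookie set without HttpOnly/Secure.

    Non-session cookies produce no findings.
    """
    cookie = parse_set_cookie(header)
    findings: list[str] = []
    if not looks_like_session_cookie(cookie.name):
        return findings
    if cookie.attrs.get("httponly") is not True:
        findings.append(f"{cookie.name}: missing HttpOnly "
                        "(readable via document.cookie, stealable by XSS)")
    if cookie.attrs.get("secure") is not True:
        findings.append(f"{cookie.name}: missing Secure "
                        "(will be sent over plaintext HTTP)")
    return findings


def apply_response_cookies(jar: dict, status: int,
                           headers: list[tuple[str, str]],
                           ignore_proxy_auth: bool = True) -> dict:
    """Merge the Set-Cookie headers of one response into `jar`.

    ignore_proxy_auth=True is the fixed policy: a 407 is produced by the
    proxy, not by the origin server, so its Set-Cookie headers are dropped.
    ignore_proxy_auth=False reproduces the pre-fix behaviour, where a
    malicious proxy could fix the victim's session ID for any site.
    """
    if status == 407 and ignore_proxy_auth:
        return jar
    for key, val in headers:
        if key.lower() == "set-cookie":
            cookie = parse_set_cookie(val)
            jar[cookie.name] = cookie.value
    return jar


# Constructed sample headers; not captured from oVirt or a real proxy.
WEAK_HEADER = "JSESSIONID=1A2B3C4D5E; Path=/ovirt-engine"
FIXED_HEADER = "JSESSIONID=1A2B3C4D5E; Path=/ovirt-engine; Secure; HttpOnly"
PROXY_407 = [("Proxy-Authenticate", 'Basic realm="proxy"'),
             ("Set-Cookie", "PHPSESSID=attacker-chosen; Path=/")]

if __name__ == "__main__":
    for finding in audit_set_cookie(WEAK_HEADER):
        print("weak:", finding)
    print("fixed header findings:", audit_set_cookie(FIXED_HEADER))
    print("407 cookies, fixed client:", apply_response_cookies({}, 407, PROXY_407))
    print("407 cookies, old client:  ",
          apply_response_cookies({}, 407, PROXY_407, ignore_proxy_auth=False))
```

Run the audit over every Set-Cookie header a scanner captures from the login endpoint; a finding on the session cookie is exactly the condition the oVirt entries describe. The 407 policy only matters for clients that speak to an authenticating proxy, but it is the general rule to apply: cookie state comes from the origin, never from an intermediary's own responses.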