apache tomcat cookie handling problem - characters out of 0x80 - 0xff causing internal server error
Title: Client-based DoS for Apache Tomcat on sending cookie with value out of 0x80 - 0xff scope. Author: Elar Lang @elarlang https://www.linkedin.com/in/elarlang Date: 02. January 2014 / 05. September 2014 Vendor: Apache Product: Tomcat Affected versions at least: 7.0.26 7.0.39 7.0.40 Timeline: 1...
Rooted SSH/SFTP Daemon Default Login Credentials
Rooted SSH/SFTP Daemon installs with static default root credentials and does not prompt the user to change them. Title: Rooted SSH/SFTP Daemon Default Login Credentials Author: Larry W. Cashdollar, @larry0 OSVDB-ID: 110742 Date: 9/2/2014 Download:...
SuSE 11.3 Security Update : kdelibs4 (SAT Patch Number 9676)
This update of the kdelibs4 KSSL interface makes it select a set of default ciphers that is recommended for current usage. This update is needed for Konqueror to restrict its cipher set when using https. (C) Tenable Network Security, Inc. The descriptive text and package checks ...
mod_wsgi: possible privilege escalation in setuid() failure scenarios
It was found that mod_wsgi did not properly drop privileges if the call to setuid failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi i...
Updated bugzilla packages fix a CSRF vulnerability
Updated bugzilla packages fix security vulnerabilities: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT...
Minimising font downloads
Optimising fonts is pretty difficult for larger sites. There's an easy solution, although only some browsers support it. Fonts can be big. Really big. They can be anywhere from 70k to many megabytes (compressed of course, because why wouldn't you?). You want bold? Well, you jus...
CVE-2014-3852
Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Design/Logic Flaw
Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2014-3852
CVE-2014-3852 affects Pyplate 0.08: the id cookie Set-Cookie header is not marked HTTPOnly, enabling potential script access to the cookie and exposure of sensitive information. The NVD reports a medium base score (5.0) with network attack vector and partial confidentiality impact. No remediation...
PT-2014-1976 · D Link · Dns-325 +6
Name of the Vulnerable Software and Affected Versions: D-Link DNS-320L versions prior to 1.04b12 D-Link DNS-327L versions prior to 1.03b04 Build0119 D-Link DNR-326 version 1.40b03 D-Link DNS-320B version 1.02b01 D-Link DNS-345 version 1.03b06 D-Link DNS-325 version 1.05b03 D-Link DNS-322L version...
UBUNTU-CVE-2014-5033
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to...
CVE-2014-0174
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Daphne - Tool for killing, controlling and debugging processes in Windows
Daphne is a small application for killing, controlling and debugging Windows’ processes. It was born to kill a windows process and became almost a task manager replacement. You can kill a process by dragging the mouse over the windows, by right-clicking the process in the main process list, or by...
Design/Logic Flaw
pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Neon WebDAV Client Library 0.2x Format String Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/10136/info It has been reported that the Neon client library is prone to multiple remote format string vulnerabilities. This issue is due to a failure of the application to properly implement format string functions...
PHPBB 2.0.x Authentication Bypass Vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability would...
PHP Arena <= 1.1.3 pafiledb.php Remote Change Password Exploit
No description provided by source. !/usr/bin/perl T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m EXPLOIT FOR: PHP Arena paFileDB 1.1.3 And 0lder Expl0it By: A l p h a P r o g r a m m e r Sirus-v Email: [email protected] + Discovered By: GulfTech + Advisory:...
Linux/x86 - Disable randomize stack addresse - 106 bytes
No description provided by source. Title: Linux/x86 - Disable randomize stack addresse - 106 bytes Set randomize_va_space to zero Author: Jonathan Salwan submit ! shell-storm.org Web: http://www.shell-storm.org Twitter: http://twitter.com/jonathansalwan !Database of Shellcodes...
OpenSupports 2.x - Auth Bypass/CSRF Vulnerabilities
No description provided by source. + Author: TUNISIAN CYBER + Exploit Title: OpenSupports v2.x AuthBypass/CSRF Vulnerabilities + Date: 15-03-2014 + Category: WebApp + Version: 2.x + Tested on: KaliLinux/Windows 7 Pro + CWE: CWE-302/CWE-89 + Vendor: http://www.opensupports.com/ + Friendly Sites:...