CVE-2012-0807
Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long...
Revamped Pwn2Own to Offer $105K in Prizes, Cash From Google for Chrome 0-Days
The Pwn2Own contest at the CanSecWest conference has become one of the landmark events on the calendar each year, as researchers gather with nervous vendors in a tiny room to see who can own which browser on which platform and how quickly. But this year’s contest will have a much different look...
Multiple Cross Site Scripting (#XSS) Vulnerabilities in Forbes
Ucha Gobejishvili (longrifle0x), a Georgian security researcher, discovered two Cross Site Scripting (XSS) vulnerabilities on the official website of Forbes, an American publishing and media company. Cross-Site Scripting occurs when an attacke...
HP LaserJet Printers Unauthenticated Access
HP Laserjet printers with JetDirect cards, when configured with TCP/IP, can be configured without a password, which allows remote attackers to connect to the printer and change its IP address or disable logging. OpenVAS Vulnerability Test $Id: gbhpjetdirectunauthenticatedaccess.nasl 5940 2017-04-...
BackBox Linux 2.01 released
The BackBox team is proud to announce the release 2.01 of BackBox Linux. The new release includes features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. The 32-bit and 64-bit ISO images can be downloaded from the following location: What's new System upgrade...
MySQL 5.5.8 remote denial of service proof of concept exploit
No description provided by source. import socket, sys print "\n" print "----------------------------------------------------------------" print "| MySQL 5.5.8 Null Ptr windows |" print "| Level Smash the Stack |" print "----------------------------------------------------------------" print "\n"...
CVE-2011-4765
The Site Editor aka SiteBuilder feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated b...
CVE-2011-4850
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by...
CVE-2011-4756
Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by domains/sitebuilderedit.p...
CVE-2011-4738
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by...
Design/Logic Flaw
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by...
Code injection
Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by domains/sitebuilderedit.p...
Code injection
The Site Editor aka SiteBuilder feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated b...
Code injection
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by...
Design/Logic Flaw
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by...
CVE-2011-4850
The CVE-2011-4850 entry affects Parallels Plesk Panel 10.4.4_build20111103.18, where the HTTPOnly flag is absent in a Set-Cookie header used by cookies (e.g., in help.php), allowing remote attackers to access cookie data via script. This could partially expose sensitive information as described. ...
CVE-2011-4729
CVE-2011-4729: The Parallels Plesk Panel 10.2.0_build1011110331.18 Server Administration Panel fails to set the HTTPOnly flag on cookies (notably those used by login_up.php3 and other files). This exposes cookies to access via client-side scripts, leading to potential disclosure of sensitive inf...