May 19th, 2009
Follow the Bouncing Malware: Gone With the WINS – Part II, (Wed, May 20th)
Imagine, if you will, that you’re the newest contestant on the latest reality-tv show, Idle American Apprentice to the Dancing Bachelorette Stars. Like all good reality shows (now there’s an oxymoron…), you have the opportunity to earn your way to be safe [...]
May 18th, 2009
Vuln: PHP Site Lock Cookie Authentication Bypass Vulnerability
URL: http://www.securityfocus.com/bid/34815
May 17th, 2009
Vuln: Coppermine Photo Gallery ‘lang’ Cookie Parameter Local File Include Vulnerability
URL: http://www.securityfocus.com/bid/30480
May 14th, 2009
Vuln: Mlffat ‘supervisor’ Cookie SQL Injection Vulnerability
URL: http://www.securityfocus.com/bid/34982
May 13th, 2009
Vuln: Multiple Mr. CGI Guy Products Cookie Authentication Bypass Vulnerability
URL: http://www.securityfocus.com/bid/34969
May 7th, 2009
Vuln: Techno Dreams Job Career Package Cookie Authentication Bypass Vulnerability
URL: http://www.securityfocus.com/bid/34865
May 5th, 2009
CVE-2009-1549 (agtc_myshop)
AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access by setting the log_accept cookie to “correcto.”
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1549
Apr 30th, 2009
FBController – (Facebook Control Utility) version 1.0
Posted by QUAKER DOOMER on Apr 30
FBController – The Ultimate Utility to Control Facebook accounts without the Password.
Let me be clear that this utility WON’T hack/crack Facebook accounts. The utility will need biscuits/cookies instead of the password.
Get the target’s cookie by [...]
Apr 29th, 2009
Five ‘must-secure’ Web app vulnerabilities
Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention.
According to Mark Painter from the HP Security Laboratory, the Geronimo flaws expose users to a variety of attack vectors that could lead to the theft of sensitive [...]
Apr 28th, 2009
Flaw in https blows hole in ecommerce security
A serious flaw in the way ecommerce sites implement secure internet access through the secure HTTPS protocol could put customers’ credit card details at risk, it was claimed today.
Internet users are aware that they should only give their credit card details to sites that use HTTPS protocol [...]
Apr 26th, 2009
Symantec Site Vulnerable to Cross-site Scripting Assaults
According to Nemesis/t3am3lite (name of a website), Symantec’s site too is now open to XSS (cross-site scripting) attacks together with Iframe injections.
An XSS attack, according to security experts, launches when a web program collects vicious data from an end-user mostly via a hyperlink that carries malicious content inside it. [...]
Apr 23rd, 2009
Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws, (Fri, Apr 24th)
I’m beginning to prepare for a talk I plan to give at SANSFIRE 09 on Data Leak Prevention. The talk will basically cover both loss of trade secrets and the loss of NPI (covered separately because the risk profiles are different). As part [...]
Apr 20th, 2009
CVE-2008-6738 (myshoutpro)
MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1.
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6738
Apr 20th, 2009
CVE-2008-6735 (thaiquickcart)
Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the sLanguage cookie.
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6735
Apr 20th, 2009
Bugtraq: Multiple Remote Vulnerabilities–SQLi-(INSECURE-COOKIE-HANDLING)-LFI–>
URL: http://www.securityfocus.com/archive/1/502816