306 matches found

UbuntuCve
added 2020/02/06 3:15 p.m. | 32 views

CVE-2013-4572

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user...

CVSS 7.5 | AI score 7.1 | EPSS 0.01288
Exploits: 0 | References: 2

Cvelist
added 2020/02/06 2:40 p.m. | 22 views

CVE-2013-4572

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user...

AI score 7.4 | EPSS 0.01288
Exploits: 0 | References: 4

Debian CVE
added 2020/02/06 2:40 p.m. | 26 views

CVE-2013-4572

The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user...

CVSS 7.5 | AI score 7.5 | EPSS 0.01288
Exploits: 0

0day.today
added 2020/01/02 12:0 a.m. | 68 views

Hospital Management System 4.0 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Hospital Management System 4.0 - Persistent Cross-Site Scripting Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/hospital-management-system-in-php/ Version: v4.0 Tested on...

AI score 7.1
Exploits: 0

0day.today
added 2019/09/09 12:0 a.m. | 66 views

WordPress 5.2.3 - Cross-Site Host Modification Exploit

Exploit for php platform in category web applications !/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server,...

AI score 7.1
Exploits: 0

OSV
added 2019/08/14 2:15 p.m. | 1 views

CVE-2019-0338

During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure...

CVSS 5.3 | AI score 6.1 | EPSS 0.00206
Exploits: 0 | References: 2

OSV
added 2019/06/13 4:12 p.m. | 0 views

GHSA-22MF-97VH-X8RW Deserialization vulnerability exists in parso

DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...

CVSS 9.2 | AI score 5.9 | EPSS 0.0067
Exploits: 1 | References: 6

Tenable Nessus
added 2019/02/15 12:0 a.m. | 30 views

Missing 'Cache-Control' Header

The HTTP 'Cache-Control' header is used to specify directives for caching mechanisms. The server did not return, or returned an invalid, 'Cache-Control' header, which means pages containing sensitive information (password, credit card, personal data, social security number, etc.) could be stored on clie...

AI score 6.7
Exploits: 0 | References: 2

Hacker One
added 2019/02/11 7:7 a.m. | 28 views

GitLab: Inadequate cache control in gitter allows to view private chat room

Hi Gitlab, Summary: I have found an inadequate cache control vulnerability in Gitter. Description: You can use the backspace button to get the full access to the account. There is no cache control and the browser saves sensitive information of a private chat room. This report is influenced by the...

AI score 0.7
Exploits: 0

Exploit DB
added 2018/12/03 12:0 a.m. | 71 views

WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting

Exploit Title: Wordpress Plugins Advanced-custom-fields 5.7.7 - Cross-Site Scripting Google Dork: N/A Date: 2018-12-02 Exploit Author: Loading Kura Kura Vendor Homepage: https://www.advancedcustomfields.com/ Software Link: https://www.advancedcustomfields.com/ Version: 5.7.7 Tested on: Win10...

AI score 7.4
Exploits: 0

Hacker One
added 2018/09/09 4:40 p.m. | 16 views

GitLab: Unauthorized users may be able to view almost all informations related to Private projects.

Summary: On most of the pages related to Private projects, cache control is inadequate, so the contents of Private projects may leak to unauthorized users. Description: For visibility of projects, you can select Public, Internal, and Private. Among them, Private projects can only be viewed from...

AI score 1.4
Exploits: 0

n0where
added 2018/07/02 5:33 p.m. | 32 views

Spoof SSDP replies to phish for NTLM hashes: evil-ssdp

This tool responds to SSDP multicast discover requests, posing as a generic UPNP device on a local network. Your spoofed device will magically appear in Windows Explorer on machines in your local network. Users who are tempted to open the device are shown a configurable webpage. By default, this...

AI score 6.8
Exploits: 0 | References: 1

IBM Security Bulletins
added 2018/06/15 7:0 a.m. | 19 views

Security Bulletin: IBM Operational Decision Manager : CVE-2014-0944, CVE-2014-0945, CVE-2014-0946

Summary: This Security Bulletin addresses 3 security vulnerabilities, CVE-2014-0944, CVE-2014-0945 and CVE-2014-0946, in IBM Operational Decision Manager. All issues are related to the RES Console provided in Rule Execution Server. Vulnerability Details: CVE ID: CVE-2014-0944 DESCRIPTION: IBM...

CVSS 6 | AI score 0.7 | EPSS 0.00751
Exploits: 0 | Affected Software: 1

Packet Storm
added 2018/05/24 12:0 a.m. | 213 views

Microsoft Internet Explorer 11 Vbscript Code Execution

Dim lIIl Dim IIIlI6,IllII6 Dim IllI Dim IIllI40 Dim lIlIIl,lIIIll Dim IlII Dim llll,IIIIl Dim llllIl,IlIIII Dim NtContinueAddr,VirtualProtectAddr IlII=195948557 lIlIIl=Unescape"%u0001%u0880%u0001%u0000%u0000%u0000%u0000%u0000%uffff%u7fff%u0000%u0000"...

AI score 0.3 | EPSS 0.94283
Exploits: 9

Exploit DB
added 2018/05/21 12:0 a.m. | 185 views

Microsoft Internet Explorer 11 (Windows 7 x86/x64) - vbscript Code Execution

Dim lIIl Dim IIIlI6,IllII6 Dim IllI Dim IIllI40 Dim lIlIIl,lIIIll Dim IlII Dim llll,IIIIl Dim llllIl,IlIIII Dim NtContinueAddr,VirtualProtectAddr IlII=195948557 lIlIIl=Unescape"%u0001%u0880%u0001%u0000%u0000%u0000%u0000%u0000%uffff%u7fff%u0000%u0000"...

AI score 7
Exploits: 0

Hacker One
added 2017/08/16 1:6 p.m. | 34 views

Discourse: CSRF-tokens on pages without no-cache headers, resulting in ATO when using CloudFlare proxy (Web Cache Deception)

Hi, I noticed this issue on one of your clients which was using CloudFlare in front of their Discourse. This is not affecting try.discourse.org but the same underlying issue can be seen there as well even though it's not exploitable on that specific domain. The TL;DR of issue is basically:...

AI score 6.5
Exploits: 0

Veracode
added 2017/07/07 9:3 a.m. | 16 views

Information Disclosure

Moodle is vulnerable to information disclosure. The library does not send Cache-Control: private headers, allowing a malicious user to send requests for files that were previously retrieved by a caching proxy server...

CVSS 5 | AI score 5.6 | EPSS 0.00283
Exploits: 1 | References: 4 | Affected Software: 1

Nmap
added 2017/06/06 1:36 a.m. | 1700 views

http-security-headers NSE Script

Checks for the HTTP response headers related to security given in the OWASP Secure Headers Project and gives a brief description of each header and its configuration value. The script requests the headers from the server with http.head and parses the response to list the headers found with their configurations. The...

CVSS 10 | AI score 9.2 | EPSS 0.94176
Exploits: 33

Citrix
added 2017/05/12 12:0 a.m. | 8 views

Preventing the Cache-Control Response Header from being Set to private

Q: When Compression is enabled on a NetScaler appliance, can you prevent the Cache-Control response header being set to the value private? A: Yes. You can prevent the Cache-Control response from being set to the value private when compression is enabled on a NetScaler appliance. To prevent the...

AI score 7.1
Exploits: 0

Hacker One
added 2016/11/27 4:22 p.m. | 27 views

Gratipay: Incomplete or No Cache-control and Pragma HTTP Header Set

Hello, The cache-control and pragma HTTP header have not been set properly or are missing allowing the browser and proxies to cache content. HTTP/1.1 200 OK Connection: keep-alive Server: gunicorn Date: Sun, 27 Nov 2016 16:18:06 GMT Content-Type: text/html; charset=UTF-8 X-Gratipay-Version: 2014...

AI score 0.5
Exploits: 0