23 matches found
The vulnerability of the PHP programming language interpreter, related to incorrect handling of cookie files, allows attackers to intercept sessions and gain unauthorized access to protected information.
The vulnerability of the PHP programming language interpreter relates to the incorrect processing of cookie files, resulting from replacing spaces, periods, and open parentheses with underscores. Exploiting this vulnerability can allow an attacker to intercept sessions and gain unauthorized acces...
The vulnerability of the curl_easy_duphandle function in the libcurl library allows a hacker to create or rewrite cookies.
The vulnerability of the curl_easy_duphandle function in the libcurl library is related to external control via a filename or file path. Exploiting this vulnerability allows a malicious actor to create or rewrite cookie files remotely...
USN-6237-3 curl vulnerabilities
USN-6237-1 fixed several vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote...
The vulnerability of the File Manager component in the server and cloud service management panel, CloudPanel, allows a hacker to gain unauthorized access to protected information and increase their privileges.
The vulnerability of the File Manager component in the server and cloud service management panel, CloudPanel, is related to deficiencies in access control when processing clp-fm cookie files without verifying their authenticity and integrity. Exploiting this vulnerability can allow an attacker to...
USN-6237-1 curl vulnerabilities
Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. CVE-2023-28321 Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain...
SUSE CVE-2011-4328
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information...
SUSE CVE-2022-32207
When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally widen the permissions for the target file, leaving the...
The vulnerability of the cURL command-line utility stems from insufficient validation of input data, allowing a hacker to trigger a service failure.
The vulnerability of the cURL command-line utility is related to insufficient validation of input data when processing cookie files with control codes whose byte values are less than 32. Exploiting this vulnerability allows a remote attacker to trigger a server error (Bad Request) by sending cookie...
AZL-10103 CVE-2022-32207 affecting package curl for versions less than 7.84.0-1
When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally widen the permissions for the target file, leaving the...
CVE-2022-32207
When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally widen the permissions for the target file, leaving the...
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code...
The vulnerability of the Apache Shiro framework, related to the default use of the “remember me” configuration, allows attackers to compromise the integrity of cookies.
The vulnerability of the Apache Shiro framework is related to the default use of the “remember me” configuration. Exploiting this vulnerability allows a malicious actor to affect the integrity of cookie files...
The vulnerability of the firmware of SCALANCE programmable logic controllers is related to insufficient protection of the website structure, allowing attackers to obtain the protected web connection identifiers.
The vulnerability of the firmware of the SCALANCE programmable logic controller is related to insufficient protection of the website structure. Exploiting this vulnerability could allow an attacker to disclose the protected web connection identifiers from cookie files through a specially crafted...
CVE-2011-4328
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information...
CVE-2011-4328
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information...
Information disclosure
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information...
CVE-2011-4328
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information...
CVE-2011-4328
Removed by vendor...
Fedora 15 : uzbl-0-0.26.20110402gite7578e27c.fc15 (2012-2364)
Lock down cookie file permissions to not be world-readable. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Microsoft Internet Explorer Cookie Hijacking Vulnerability
The host is installed with Internet Explorer and is prone to a cookie hijacking vulnerability. OpenVAS Vulnerability Test $Id: gbmsiecookiehijackingvuln.nasl 6526 2017-07-05 05:43:52Z cfischer $ Microsoft Internet Explorer Cookie Hijacking Vulnerability Authors: Sooraj KS Copyright: Copyright (c) 201...