18 matches found
Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection
It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The updatelog function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected v...
CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...
Apache Shenyu Server Side Request Forgery vulnerability
There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular concern is our ability...
Automattic: [api.tumblr.com] Denial of Service by cookies manipulation
Hello. Summary: I have found at api.tumblr.com two parameters, consumerkey && consumersecret, that allow modifying the oa-consumerkey && oaconsumersecret cookies' values and properties. An attacker can send a malicious link to reset the cookies of api.tumblr.com; this leads to DOS. To trigger the DOS, the...
openSUSE Security Update : webkit2gtk3 (openSUSE-2019-566)
This update for webkit2gtk3 to version 2.20.3 fixes the following issues: These security issues were fixed: - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc1097693). - CVE-2018-4199: An...
CVE-2017-13702
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused...
CVE-2014-6029
TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php...
Design/Logic Flaw
rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string...
CVE-2009-4546
globepersonnellogin.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) pbusername (aka pb%5Fusername) and (2) level cookies...
MOJO's IWMS Cross Site Scripting
Exploit Title: MOJO's IWMS Login page XSS and Cookies Manipulation. Date: 17/12/2007 Author: cp77fk4r | Empty0pagEYOU-KNOWgmail.com Software Link: http://www.mojo.co.il/ Version: X = 7 Expl0its: XSS -http://SITE/upload/default.asp?mode=wrong&ERRMSG=XSS-Vuln -Cookies Manipulation...
MOJO's IWMS Login page XSS and Cookies Manipulation
No description provided by source. Exploit Title: MOJO's IWMS Login page XSS and Cookies Manipulation. Date: 17/12/2007 Author: cp77fk4r | Empty0pagEYOU-KNOWgmail.com Software Link: http://www.mojo.co.il/ Version: X = 7 Expl0its: XSS...
Authentication flaw
index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the loginid, groupid, loginname, userid, and usertype cookies to certain values...
CVE-2008-3504
Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 has unknown impact and remote attack vectors related to "manipulation of cookies."...
Design/Logic Flaw
Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 has unknown impact and remote attack vectors related to "manipulation of cookies."...
JBlog 1.0 Creat Admin exploit, xss, Cookie Manipulation
!-- Script...............: JBlog version: 1.0 Script Site..........: http://www.jmuller.net/jblog Vulnerability........: Creat Admin exploit, xss, Cookie Manipulation Access...............: Remote level................: Dangerous Author...............: S4mi Contact..............:...
CVE-2007-2578
Unspecified vulnerability in search/list/actionsearch/index.php in ACP3 4.0 beta 3 allows remote attackers to have unknown impact, relating to "Cookie Manipulation", via the formsearchterm parameter...
CVE-2007-2555
Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS)...
phpFoX All Version Login Exploit
phpFoX AllVersion Login to any Account Exploit found by Mx at hackmx.net Login as any user/admin/mod Action event only once This exploit will allow you to action an event per login, on any account in phpFoX All Versions. 1 Create an account on phpFox, after activating the account, login. 2 Go to...