11 matches found
USN-8018-3: Python 2.7 vulnerabilities
USN-8018-1 fixed CVE-2025-12084, CVE-2025-15282, CVE-2026-0672, CVE-2026-0865 for python3. This update provides the corresponding updates for python2.7. Original advisory details: Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this iss...
EUVD-2017-17965
Malware in sbrugna...
EUVD-2021-28276
Malicious code in bioql PyPI...
K13434228: Apache Struts vulnerability CVE-2012-0392
Security Advisory Description The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...
The vulnerability of the CookieInterceptor class implementation in the Apache Struts software platform allows a hacker to execute arbitrary code.
The vulnerability of the CookieInterceptor class implementation in the Apache Struts software platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary code using a specially created HTTP cookie header...
nodejs-tough-cookie: Regular expression denial of service
A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU...
HooToo HT-TM06 TripMate Elite Web Server 'protocol.csp' HTTP Cookie Header Handling RCE
The HooToo TripMate web interface running on the remote host is affected by a remote code execution vulnerability in the ioos web server vshttpd due to improper validation of overly long strings passed via the HTTP cookie header to protocol.csp. An unauthenticated, remote attacker can exploit thi...
Heap overflow
Heap buffer overflow in vshttpd aka ioos in HooToo Trip Mate 6 TM6 firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HTTP Cookie header...
CVE-2015-5995
The CVE-2015-5995 issue involves Mediabridge Medialink MWN-WAPR300N (firmware ~5.07.50) and Tenda N3 Wireless N150 routers, where authentication can be bypassed by manipulating the HTTP Cookie header (e.g., Cookie: language-en; admin:language-en). The root cause is using unauthenticated cookie-ba...
CVE-2012-0392
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...
CVE-2012-0392
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...