18 matches found
CVE-2026-6510
The CVE-2026-6510 entry describes a privilege-escalation flaw in the InfusedWoo Pro WordPress plugin. Affected component: iwar_save_recipe() AJAX handler; root cause: missing nonce verification and capability checks. Impact: unauthenticated attackers can craft a URL to pair an HTTP post trigger w...
CVE-2026-25072
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...
CVE-2025-69602
A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful authentication. As a result, the same session cookie value is reused for users logging in from the same browser, allowing an attacker who c...
CVE-2025-8118
Technical details for CVE-2025-8118 are not publicly available in the provided documents; no affected product/version or fix is described here. Monitor for updates.
Cookies are sent to external images in rendered diff (and server side request forgery)
Impact The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other domains and include all cookies that...
bgERP v22.31 (Orlovets) - Cookie Session vulnerability / Cross-Site Scripting Vulnerabilities
Title: bgERP v22.31 Orlovets - Cookie Session vulnerability & Cross-Site Scripting XSS Author: nu11secur1ty Vendor: https://bgerp.com/Bg/Za-sistemata Software: https://github.com/bgerp/bgerp/releases/tag/v22.31 Reference:...
bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)
Title: bgERP v22.31 Orlovets - Cookie Session vulnerability & Cross-Site Scripting XSS Author: nu11secur1ty Date: 01.31.2023 Vendor: https://bgerp.com/Bg/Za-sistemata Software: https://github.com/bgerp/bgerp/releases/tag/v22.31 Reference:...
23-Year-Old Russian Hacker Wanted by FBI for Running Marketplace of Stolen Logins
A 23-year-old Russian national has been indicted in the U.S. and added to the Federal Bureau of Investigation's FBI Cyber Most Wanted List for his alleged role as the administrator of Marketplace A, a cyber crime forum that sold stolen login credentials, personal information, and credit card data...
Valve: Big Picture web browser leaks login cookies and discloses sensitive information (may lead to account takeover)
Researcher reported an issue where certain secure cookies would be included in a web request initiated through Steam Big Picture mode that was initially to a trusted origin but subsequently forwarded to a site on a different origin...
Brazil's Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users
Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication. SafetyDetective researcher Anurag Sen last month discovered two...
UBUNTU-CVE-2019-7350
Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies between 3 and 5 is being generated when a user successfully logs in, and these...
CVE-2017-17735
CMS Made Simple CMSMS before 2.2.5 does not properly cache login information in cookies...
PHPMailer Cross-Site Scripting Vulnerability
PHPMailer is a package of PHP functions for sending e-mail . A cross-site scripting vulnerability exists in PHPMailer. An attacker can exploit this vulnerability to obtain user login cookie information...
CompuIT CMS - Cross Site Scripting Vulnerability
Exploit for php platform in category web applications - Title : CompuIT CMS - Cross Site Scripting Vulnerability - Author : ZwX - Date : 01/12/2015 - Vendor : http://www.compuitgh.com - Tested On : Windows 7 =============================== Description Vulnerability : =============================...
Amiro CMS 5.14 - XSS (Reflected) Vulnerability
Exploit for php platform in category web applications Title : Amiro CMS 5.14 - XSS Reflected Vulnerability Date : 14/01/2015 Author : ZwX Demo Link : http://dart.amirocms.com/ Vendor : http://www.amirocms.com/ Tested on : Windows 7 Description It is possible to redirect to a malicious site admin ...
Native DOM methods can be hijacked across domains — Mozilla
A malicious page can hijack native DOM methods on a document object in another domain, which will run the attacker's script when called by the victim page. This could be used to steal login cookies, password, or other sensitive data on the target page, or to perform actions on behalf of a logged-...
XSS viewing javascript: frames or images from context menu — Mozilla
Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose "View Image" from the context menu then he could get javascript to run on a site of the attacker's choosing by making the image src attribute a javascript: URL and loading the target...
Standalone applications can run arbitrary code through the browser — Mozilla
Several media players, for example Flash and QuickTime, support scripted content with the ability to open URLs in the default browser. The default behavior for Firefox was to replace the currently open browser window's content with the externally opened content. If the external URL was a...