Lucene search
K

527 matches found

NVD
NVD
added 2009/02/05 12:30 a.m.28 views

CVE-2008-6059

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

5CVSS6.2AI score0.01946EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2009/02/04 9:39 a.m.3 views

Firefox XMLHttpRequest allows reading HTTPOnly cookies

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

5CVSS7.4AI score0.0156EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2009/02/04 8:59 a.m.7 views

Firefox XMLHttpRequest allows reading HTTPOnly cookies

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

5CVSS7.4AI score0.0156EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2009/02/04 12:0 a.m.39 views

CVE-2009-0357

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

5CVSS7.2AI score0.0156EPSS
Exploits0References4
Prion
Prion
added 2009/02/03 7:30 p.m.26 views

Information disclosure

Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script...

5CVSS6.5AI score0.01027EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2009/02/03 7:30 p.m.31 views

CVE-2009-0411

Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script...

5CVSS5.9AI score0.01027EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2009/02/03 7:0 p.m.30 views

CVE-2009-0411

Removed by vendor...

5CVSS6.9AI score0.01027EPSS
Exploits0
exploitpack
exploitpack
added 2008/09/21 12:0 a.m.39 views

PHP iCalendar 2.24 - cookie_language Local File Inclusion Arbitrary File Upload

PHP iCalendar 2.24 - cookielanguage Local File Inclusion Arbitrary File Upload '.$lang'lcalfile'.' '.$filenumber.': '.$lang'lactionsuccess'.''; 84. el...

Exploits0
exploitpack
exploitpack
added 2008/01/22 12:0 a.m.15 views

Coppermine Photo Gallery 1.4.10 - SQL Injection

Coppermine Photo Gallery 1.4.10 - SQL Injection table prefix\n"; print " - hostname\n"; print " - web dirname \n"; print " - force mode - '0' - for Off or "album number" for force mode On \n"; print " table prefix - prefix of sql tables\n"; print " example: " . $argv0 . " coppermine.site photo/ 1...

0.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2007/11/15 1:27 p.m.35 views

Moderate: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web...

5CVSS7AI score0.12901EPSS
Exploits0References9
Prion
Prion
added 2007/05/09 5:19 p.m.12 views

Cross site scripting

Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting XSS...

4.3CVSS6.5AI score0.00989EPSS
Exploits0References4
exploitpack
exploitpack
added 2007/03/25 12:0 a.m.30 views

PBlang 4.66z - Remote Create Admin

PBlang 4.66z - Remote Create Admin !/usr/bin/perl PBlang 4.66z Create Admin Exploit this exploit register a user with admin access Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net use IO::Socket; use LWP::UserAgent; use HTTP::Cookies; $host = $ARGV0; $uname = $ARGV1; $passwd = $ARGV2; $url...

7.5AI score
Exploits0
exploitpack
exploitpack
added 2007/03/25 12:0 a.m.28 views

PBlang 4.66z - Remote Code Execution

PBlang 4.66z - Remote Code Execution !/usr/bin/perl PBlang 4.66z Remote Command Execution Exploit this Exploit register a user with admin access - magicquotesgpc = Off - Only work on 4.66z Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net use IO::Socket; use LWP::UserAgent; use HTTP::Cookie...

0.2AI score
Exploits0
NVD
NVD
added 2006/01/13 11:3 p.m.30 views

CVE-2006-0207

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the 1 session extension aka ext/session and the 2 header function...

5CVSS6.7AI score0.04348EPSS
Exploits0References18
Prion
Prion
added 2006/01/13 11:3 p.m.33 views

Design/Logic Flaw

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the 1 session extension aka ext/session and the 2 header function...

5CVSS6.8AI score0.04348EPSS
Exploits0References18Affected Software1
Cvelist
Cvelist
added 2006/01/13 11:0 p.m.38 views

CVE-2006-0207

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the 1 session extension aka ext/session and the 2 header function...

6.6AI score0.04348EPSS
Exploits0References18
securityvulns
securityvulns
added 2006/01/13 12:0 a.m.41 views

Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: PHP ext/session HTTP Response Splitting Vulnerability Release Date: 2006/01/12 Last Modified: 2006/01/12 Author: Stefan Esser [email protected] Application: PHP5 = 5.1.1...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/07/20 12:0 a.m.36 views

Squid Set-Cookie Header Cross-session Information Disclosure

The remote Squid caching proxy, according to its banner, is prone to an information disclosure vulnerability. Due to a race condition, Set-Cookie headers may leak to other users if the requested server employs the deprecated Netscape Set-Cookie specifications with regards to how cacheable content...

2.6CVSS5.4AI score0.01352EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2005/06/14 7:40 p.m.7 views

security flaw

Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies...

2.6CVSS5.8AI score0.01352EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2005/04/15 12:0 a.m.17 views

Squid < 2.5.STABLE10 Set-Cookie Authentication Information Disclosure

Binary data 2669.prm...

6.4CVSS7.3AI score0.12534EPSS
Exploits0References5
Rows per page
Query Builder