527 matches found
CVE-2008-6059
xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...
Firefox XMLHttpRequest allows reading HTTPOnly cookies
Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...
Firefox XMLHttpRequest allows reading HTTPOnly cookies
Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...
CVE-2009-0357
Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...
Information disclosure
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script...
CVE-2009-0411
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script...
CVE-2009-0411
Removed by vendor...
PHP iCalendar 2.24 - cookie_language Local File Inclusion Arbitrary File Upload
PHP iCalendar 2.24 - cookielanguage Local File Inclusion Arbitrary File Upload '.$lang'lcalfile'.' '.$filenumber.': '.$lang'lactionsuccess'.''; 84. el...
Coppermine Photo Gallery 1.4.10 - SQL Injection
Coppermine Photo Gallery 1.4.10 - SQL Injection table prefix\n"; print " - hostname\n"; print " - web dirname \n"; print " - force mode - '0' - for Off or "album number" for force mode On \n"; print " table prefix - prefix of sql tables\n"; print " example: " . $argv0 . " coppermine.site photo/ 1...
Moderate: Red Hat Security Advisory: httpd security, bug fix, and enhancement update
Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web...
Cross site scripting
Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting XSS...
PBlang 4.66z - Remote Create Admin
PBlang 4.66z - Remote Create Admin !/usr/bin/perl PBlang 4.66z Create Admin Exploit this exploit register a user with admin access Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net use IO::Socket; use LWP::UserAgent; use HTTP::Cookies; $host = $ARGV0; $uname = $ARGV1; $passwd = $ARGV2; $url...
PBlang 4.66z - Remote Code Execution
PBlang 4.66z - Remote Code Execution !/usr/bin/perl PBlang 4.66z Remote Command Execution Exploit this Exploit register a user with admin access - magicquotesgpc = Off - Only work on 4.66z Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net use IO::Socket; use LWP::UserAgent; use HTTP::Cookie...
CVE-2006-0207
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the 1 session extension aka ext/session and the 2 header function...
Design/Logic Flaw
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the 1 session extension aka ext/session and the 2 header function...
CVE-2006-0207
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the 1 session extension aka ext/session and the 2 header function...
Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: PHP ext/session HTTP Response Splitting Vulnerability Release Date: 2006/01/12 Last Modified: 2006/01/12 Author: Stefan Esser [email protected] Application: PHP5 = 5.1.1...
Squid Set-Cookie Header Cross-session Information Disclosure
The remote Squid caching proxy, according to its banner, is prone to an information disclosure vulnerability. Due to a race condition, Set-Cookie headers may leak to other users if the requested server employs the deprecated Netscape Set-Cookie specifications with regards to how cacheable content...
security flaw
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies...
Squid < 2.5.STABLE10 Set-Cookie Authentication Information Disclosure
Binary data 2669.prm...