17 matches found
MiracleLinux 3 : openssh-4.3p2-26.1.1AXS3 (AXSA:2008-272:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-272:01 advisory. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. CVE-2007-4752: ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cann...
CVE-2019-7725
includes/core/isuser.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie, i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk...
CVE-2017-20206
The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the wpmudevappointments cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this...
EUVD-2019-18442
Malware in sbrugna...
EUVD-2007-4733
Malware in sbrugna...
Deserialization Of Untrusted Data
auth0/auth0-php is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insecure deserialization due to the SDK processing untrusted cookie data without authentication, allowing attackers to inject malicious serialized payloads...
K14161: OpenSSH vulnerability CVE-2007-4752
Security Advisory Description: When OpenSSH prior to version 4.7 fails to generate an untrusted cookie, it falls back to creating a trusted X11 authentication cookie instead. As a result, attackers may be able to launch an unauthorized forwarded X11 session through SSH. Impact: None. F5 products do n...
SUSE CVE-2007-4752
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted...
OpenSSH < 4.7 Improper Input Validation Vulnerability
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
CVE-2019-7725
includes/core/isuser.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie, i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk...
CVE-2019-9056
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php, it is possible to reach an unserialize call with an untrusted FEU cookie, and achieve authenticated object injection...
CVE-2019-9056
An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php, it is possible to reach an unserialize call with an untrusted FEU cookie, and achieve authenticated object injection...
SuSE9 Security Update : OpenSSH (YOU Patch Number 11931)
This update fixes a bug in ssh's cookie handling code. It does not properly handle the situation when an untrusted cookie cannot be created and uses a trusted X11 cookie instead. This allows attackers to violate the intended policy and gain privileges by causing an X client to be treated as...
openssh falls back to the trusted x11 cookie if generation of an untrusted cookie fails
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted...
VulnCheck KEV: CVE-2007-4752
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted...
openssh security update
4.3p2-26.el52.1 - CVE-2007-4752 - Prevent ssh1 from using a trusted X11 cookie if creation of an untrusted cookie fails 280361...
DEBIAN-CVE-2007-4752
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted...