17 matches found

RedhatCVE
added 2026/01/09 10:49 a.m. · 3 views

CVE-2022-37109

patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when...

9.8 CVSS · 7.2 AI score · 0.06951 EPSS
Exploits 3 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2008-6674

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.03079 EPSS
Exploits 1 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2008-6987

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.01587 EPSS
Exploits 1 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2008-3393

Malware in sbrugna...

5 CVSS · 6.4 AI score · 0.03287 EPSS
Exploits 0 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2008-5044

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.02259 EPSS
Exploits 1 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2007-5741

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.05121 EPSS
Exploits 1 · References 6

RedhatCVE
added 2025/03/22 12:50 p.m. · 7 views

CVE-2024-13060

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...

4.3 CVSS · 6.6 AI score · 0.00194 EPSS
Exploits 1 · References 1

Vulnrichment
added 2025/01/29 12:0 a.m. · 6 views

CVE-2024-57436

RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie...

6.8 AI score · 0.00239 EPSS
Exploits 1 · References 3

Vulnrichment
added 2022/11/14 5:5 p.m. · 5 views

CVE-2022-34313 IBM CICS TX Standard is vulnerable to allowing attackers access to an application via insecure session cookies

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can...

4.3 CVSS · 6.2 AI score · 0.00248 EPSS
Exploits 0 · References 3

Positive Technologies
added 2021/03/03 12:0 a.m. · 4 views

PT-2021-11642 · WordPress · Wp Hotel Booking

Name of the Vulnerable Software and Affected Versions: wp-hotel-booking plugin versions 1.10.2 and earlier
Description: The issue allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress hotel booking 1 cookie in the includes/class-wphb-sessions.php...

9.8 CVSS · 9.8 AI score · 0.8462 EPSS
Exploits 2 · References 7

Check Point Advisories
added 2014/06/25 12:0 a.m. · 1 view

Simple E-Document upload Remote Code Execution

A remote code execution vulnerability has been found in Simple E-Document. The vulnerability is due to the access cookie which could be abused to bypass authentication. A remote attacker can exploit this weakness to upload malicious PHP files which could result in arbitrary code execution in the...

4.2 AI score
Exploits 0

0day.today
added 2014/01/14 12:0 a.m. · 37 views

Burden 1.8 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications
Product: Burden
Vendor: Josh Fradley
Vulnerable Versions: 1.8 and probably prior
Tested Version: 1.8
Advisory Publication: December 18, 2013 without technical details
Vendor Notification: December 18, 2013
Vendor Patch: December 18, 2013
Publi...

7.5 CVSS · 9.2 AI score · 0.09794 EPSS
Exploits 6

Cvelist
added 2009/07/14 2:0 p.m. · 15 views

CVE-2008-6854

Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value...

7.2 AI score · 0.00494 EPSS
Exploits 1 · References 4

Cvelist
added 2006/09/21 12:0 a.m. · 24 views

CVE-2006-4914

Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the zelangue02 cookie, as demonstrated by using the choixlng parameter to choixlangue.php to indirectly set the cookie, then accessing livredor.php to trigger the inclusion...

6.8 AI score · 0.01235 EPSS
Exploits 1 · References 6

exploitpack
added 2004/01/12 12:0 a.m. · 7 views

PHPGedView 2.52.6 - index.php Cross-Site Scripting

Source: https://www.securityfocus.com/bid/11880/info
It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue...

6.8 AI score
Exploits 0

securityvulns
added 2002/02/12 12:0 a.m. · 25 views

Multiples holes in PHP services.

The URL http://www.host.com/index.php?loggedin=true&action=auser&newun=test&newpw=test&newpw1=test&newlevel=1&submit=Save allows creating an admin access (nick: test, password: test) on a nWebSystems Voting System site. More details in French: http://balteam.multimania.com/Tuts/nwebsystemsvs.txt...

0.3 AI score
Exploits 0

securityvulns
added 2001/11/16 12:0 a.m. · 33 views

Re: Several javascript vulnerabilities in Opera

Dear bugtraq, I mailed Opera one week ago about a similar javascript vulnerability in Opera. I was still waiting for any response from Opera when I saw Guninski's bugtraq post. One thing that wasn't mentioned and might not be obvious is that the vulnerability can also be used to list files on the...

7.1 AI score
Exploits 0