20 matches found
EUVD-2020-22025
Malware in sbrugna...
EUVD-2018-8035
Malware in sbrugna...
EUVD-2012-2423
Malware in sbrugna...
CVE-2022-0541
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value...
UBUNTU-CVE-2020-29668
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
CVE-2020-8261
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure 9.1R9 is vulnerable to arbitrary cookie injection...
Design/Logic Flaw
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure 9.1R9 is vulnerable to arbitrary cookie injection...
CVE-2020-8261
CVE-2020-8261: A vulnerability in Pulse Connect Secure / Pulse Policy Secure versions prior to 9.1R9 allows arbitrary cookie injection via the admin/web interfaces. Root cause details are not elaborated in the provided sources, but multiple advisories corroborate the issue. Affected products are ...
CVE-2018-16181
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in arbitrary script injection or setting arbitrary cookie values via unspecified vectors...
CVE-2018-16181
Summary: CVE-2018-16181 is an HTTP header injection vulnerability in Digital Arts i-FILTER (Ver. 9.50R05 and earlier) that can enable remote attackers to inject headers and trigger HTTP response splitting, potentially causing arbitrary script execution or cookie manipulation. Affected software: i...
CVE-2018-19437
UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty...
Ubuntu: Security Advisory (USN-3643-1)
The remote host is missing an update for the...
GNU Wget: Cookie injection
Background: GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. Description: A vulnerability was discovered in GNU Wget's resp_new function which does not validate \r\n sequences in continuation lines. Impact: A remote attacker...
[SECURITY] [DLA 1375-1] wget security update
Package: wget. Version: 1.13.4-3+deb7u6. CVE ID: CVE-2018-0494. Debian Bug: 898076. Harry Sintonen has discovered a cookie injection vulnerability in wget caused by insufficient input validation, enabling an external attacker to inject arbitrary cookie values into the cookie jar file, adding new or...
Shopify: Setting Arbitrary Cookie at kitcrm.com
Hey The src parameter of Image is not being sanitized which allows me to set cookies at kitcrm.com Proof of Concept 1. Create a post at https://kitcrm.com/pages/ID/manualposts/new 2. Select Schedule for Later 3. Go to Scheduled Posts https://kitcrm.com/pages/ID/manualposts 4. Click Edit on your...
JVN#45928828: H2O vulnerable to HTTP header injection
H2O is an open source web server software. H2O contains an HTTP header injection vulnerability. Impact An HTTP response splitting attack may result in arbitrary cookie values. Solution Update the Software Update to the latest version according to the information provided by the developer. Product...
JVN#77730435 Multiple Cybozu products vulnerable to HTTP header injection
Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers. Impact A remote attacker can conduct cache poisoning, send an arbitrary cookie, or execute an arbitrary script on the user's web browser. Solution Update the Software For more...
Mozilla JavaScript URL Host Spoofing Arbitrary Cookie Disclosure (deprecated)
Binary data 1314.prm...
Mozilla 0.9.x/1.0 - JavaScript URL Host Spoofing Arbitrary Cookie Access
source: https://www.securityfocus.com/bid/5293/info Mozilla is an open source web browser available for a number of platforms, including Microsoft Windows and Linux. An issue has been reported in the Mozilla web browser which...