25 matches found
EUVD-2009-1830
Malware in sbrugna...
ROS-20231016-05
A vulnerability in the curl command-line utility is related to a copy of the hostname in the buffer instead of the allowed address. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the libcurl library is related to...
rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names
A flaw was found in rubygem-rack. An attacker may be able to trick a vulnerable application into processing an insecure non-SSL or cross-origin request if they can gain the ability to write arbitrary cookies that are sent to the application. The highest threat from this vulnerability is to data...
wget: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar
A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains...
USN-3643-1 wget vulnerability
It was discovered that Wget incorrectly handled certain inputs. An attacker could possibly use this to inject arbitrary cookie values...
GNU wget - Cookie Injection Vulnerability
Exploit for linux platform in category local exploits. GNU Wget Cookie Injection CVE-2018-0494. The latest version of this advisory is available at: https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt Overview: GNU Wget is susceptible to a...
GNU wget - Cookie Injection
GNU Wget Cookie Injection CVE-2018-0494. The latest version of this advisory is available at: https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt Overview: GNU Wget is susceptible to a malicious web server injecting arbitrary cookies to th...
GNU wget - Cookie Injection
GNU Wget Cookie Injection CVE-2018-0494. The latest version of this advisory is available at: https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt Overview: GNU Wget is susceptible to a malicious web server...
Authentication Bypass Vulnerability in S-CMS Backend
S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. There is an authentication bypass vulnerability in the S-CMS backend and two sensitive files. The vulnerability is caused by the system's failure to accurately verify cookie information, and an attacker...
Cross-site scripting vulnerability in OurPHP search box
OurPHP (傲派建站系统) is a website content management system written in PHP and developed by Harbin Weicheng Technology Co. A cross-site scripting vulnerability exists in the search box of OurPHP version 1.7.3, due to the failure of the system's search box to strictly filter parameters...
The vulnerability of the URLConnection class in the Android operating system allows a hacker to inject arbitrary scripts or set arbitrary values in cookies.
The vulnerability of the HTTP header of the URLConnection class in the Android operating system exists due to the lack of measures to neutralize special elements. Exploiting this vulnerability allows a malicious actor to inject arbitrary scripts or set arbitrary values in cookies remotely...
Backend Authentication Bypass Vulnerability in S-CMS
S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. S-CMS has a backend authentication bypass vulnerability: because the system fails to accurately verify cookie information, an attacker can bypass login authentication by importing arbitrary cookie values...
Cross-site request forgery (CSRF)
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...
PYSEC-2016-3
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...
USN-3089-1 python-django vulnerability
Sergey Bobrov discovered that Django incorrectly parsed cookies when being used with Google Analytics. A remote attacker could possibly use this issue to set arbitrary cookies leading to a CSRF protection bypass...
UBUNTU-CVE-2016-7401
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...
PT-2016-7312
Name of the Vulnerable Software and Affected Versions: Django versions prior to 1.8.15; Django versions 1.9.x prior to 1.9.10. Description: The issue allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies, specifically when used on a site with Google...
Harvest: Opportunity to set arbitrary cookies
The location hash on a configure page is used to set a cookie value of the same content. Visiting a page like https://%domain%.harvestapp.com/invoices/configurefoo will result in a foo cookie being set. This value isn't validated at all, which gives an attacker the opportunity to set arbitrary...
CVE-2015-0747
CVE-2015-0747 affects Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release. A remote attacker can inject arbitrary cookies by sending a crafted HTTP request due to improper input validation of an HTTP header, potentially taking control of an HTTP session. Cisco’s advisory confirms ...