Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts

The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...

CVE-2023-49258

User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminaltool.cgi" in the "data" parameter...

Bogus Chat GPT extension takes over Facebook accounts

If youre particularly intrigued by the current wave of interest in AI, take care. Theres some bad things lurking in search engine results waiting to compromise your Facebook account. A rogue Chrome extension deployed in a campaign targeting Facebook users is "hitting thousands a day" according to...

redpill

This is a PowerShell module repository called "redpill" that provides various post-exploitation tools for Windows systems. The repository contains several scripts that can be used to perform different tasks such as: Bypassing AppLocker restrictions Hijacking browser cookies Downloading and...

Hardcoded credentials

Jenzabar JICS aka Internet Campus Solution before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode ...

Pulse Secure VPN Arbitrary File Disclosure

This module exploits a pre-auth directory traversal in the Pulse Secure VPN server to dump an arbitrary file. Dumped files are stored in loot. If the "Automatic" action is set, plaintext and hashed credentials, as well as session IDs, will be dumped. Valid sessions can be hijacked by setting the...

phpMyAdmin Input Validation Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in version 4.6.x of...

CVE-2016-6606

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...

DEBIAN-CVE-2016-6606

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...

Default credentials

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...

python-django: CSRF protection bypass on a site with Google Analytics

A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavi...

Veris: Unauthenticated CSRF(User can input any value for CSRF Token)

Hello Veris, I believe you have implemented CSRF token on the registration for a reason. In my research, I found that a user supplied CSRF Token would be accepted and even saved in the browser cookie and will be the set token on subsequent request. This report is limited to the Register and Login...

Subrion CMS vulnerable to SQL injection by an authenticated user

Overview Subrion CMS is vulnerable to SQL injection from authenticated users when a browser cookie is modified in a certain way. Description Subrion is an open source web-based content management system CMS. Subrion is vulnerable to SQL injection due to deserialization of untrusted data from a...

MyBB 1.4.5 Multiple Security Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/34798/info MyBB is prone to multiple security vulnerabilities, including an HTML-injection issue and an unspecified issue. An attacker may leverage the HTML-injection issue to execute arbitrary script code in the browser ...

Adobe Experience Cross Site Scripting

---------------------------------------------------------------------------------------------------- Title : Adobe Experience Delivers reflected Cross-site Scripting XSS vulnerability Vendor : Adobe Systems Incorporated http://www.adobe.com Description : experiencedelivers.adobe.com is vulnerable...

Wordpress Zingiri Web Shop Plugin <= 2.4.0 Multiple XSS Vulnerabilities

Exploit for php platform in category web applications Wordpress Zingiri Web Shop Plugin '; Exploit: http://localhost/wordpress/?page=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 'page' variable isn't properly sanitized before being used. STORED XSS PS: Attacker should be logged for...

Vulnerable and pointless password storage on client computers

Given the following: -http://confluence.atlassian.com/display/DOC/Confluence+Cookies, which says "a one-way hash of the user's password" is stored in a browser cookie on the user's computer. -CSP-29692 case I opened with Atlassian support, which explained that EncryptionUtils.java is used to...

eXV2.de Browser Cookie is not properly sanitised

Details ======= Product: eXV2.de CMS = 2.0.5. Severity: moderated Remote-Exploit: yes Vendor-URL: http://www.exv2.de/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: Vision aka n-tier http://www.i-s-o.org Original Advisory: ============...

ArcadeBuilder Game Portal Manager 1.7 - SQL Injection

ArcadeBuilder Game Portal Manager 1.7 - SQL Injection --==+================================================================================+==-- --==+ Game Portal Manager v1.7 SQL Injection Vulnerability +==--...