30 matches found
curl: Incorrect handling of control code characters in cookies
A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTPS server, where it accepts cookies using control codes byte values below 32, and also when cookies that contain such control codes are later sent back to an HTTPS server, possibly...
ROS-20221007-21
The cURL command line utility vulnerability is related to how cookies with control codes byte values less than 32 are handled. codes byte values less than 32. Exploitation of the vulnerability could allow an attacker acting remotely to send a cookie containing such control codes to a remote user...
CLSA-2022-1663184487 Fix CVE(s): CVE-2022-35252
SECURITY UPDATE: When curl sends back to an HTTPS server cookies with control bytes, it might make the server return a 400 response - debian/patches/CVE-2022-35252.patch: reject cookies with control bytes 0x01-0x1f except 0x09 plus 0x7f - CVE-2022-35252...
control code in cookie denial of service
When curl retrieves and parses cookies from an HTTPS server, it accepts cookies using control codes byte values below 32. When cookies that contain such control codes are later sent back to an HTTPS server, it might make the server return a 400 response. Effectively allowing a "sister site" to de...
UBUNTU-CVE-2022-35252
When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings...
Unspecified Vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway is a suite of file transfer software from IBM in the United States. The software integrates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. A security vulnerability exists in IBM Sterling File Gateway...
Ubiquiti Administration Portal - Remote Command Execution (via Cross-Site Request Forgery)
Exploit for hardware platform in category web applications !-- KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution Title: Ubiquiti Administration Portal CSRF to Remote Command Execution Advisory ID: KL-001-2016-002 Publication Date: 2016.06.28 Publication URL:...
Ubiquiti Administration Portal CSRF to Remote Command Execution
Vulnerability Details Affected Vendor: Ubiquiti Affected Product: AirGateway, AirFiber, mFi Affected Version: 1.1.6, 3.2, 2.1.11 Platform: Embedded Linux CWE Classification: CWE-352: Cross-Site Request Forgery CSRF; CWE-77: Improper Neutralization of Special Elements used in a Command 'Command...
Wodig4. 1. 3 Access the free version(UTF-8)upload vulnerability-vulnerability warning-the black bar safety net
Author: unknown 1, The upload/uploadimage. asp, Mutiuploadimage. asp. From the cookie to obtain the userid and put in the session, as the path. ASP/Visual Basic code 1. loadsrc="/UploadFile/"&Request. Cookies"UserID"&"/" 'if the website is not put in with the directory, please/UploadFile before...
MailWorks Professional - Authentication bypass
Pimp industries. "Its all about the Bling, B^!@s and Fame!" MailWorks Professional All versions Authentication bypass via cookie control C Paul Craig - Pimp Industries 2004 Background ------------- MailWorks Professional is a mailing list management application, developed by sitecubed. It provide...