Lucene search
K

160 matches found

Tenable Nessus
Tenable Nessus
added 2016/12/27 12:0 a.m.22 views

Debian DLA-763-1 : squid3 security update

Saulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests, leading to client-specific Cookie data being leaked to other clients. A remote attacker...

7.5CVSS6.8AI score0.06766EPSS
Exploits0References3
Debian
Debian
added 2016/12/24 4:41 a.m.26 views

[SECURITY] [DSA 3745-1] squid3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3745-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 24, 2016 https://www.debian.org/security/faq -...

7.5CVSS7.4AI score0.06766EPSS
Exploits0
OpenVAS
OpenVAS
added 2016/12/23 12:0 a.m.24 views

Debian: Security Advisory (DSA-3745-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.06766EPSS
Exploits0References3
OSV
OSV
added 2016/12/22 9:41 p.m.11 views

MGASA-2016-0423 Updated squid packages fix security vulnerabilities

Incorrect processing of responses to If-None-Modified HTTP conditional requests leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information CVE-2016-10002. Incorrect HTTP Request header comparison...

7.5CVSS7.3AI score0.06766EPSS
Exploits0References5
CNVD
CNVD
added 2016/07/05 12:0 a.m.3 views

IBM WebSphere Application Server Liberty Profile Information Disclosure Vulnerability

IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform.Liberty Profile is a WAS dynamic server Liberty Profile is a...

7.5CVSS9.2AI score0.02348EPSS
Exploits0References1
OSV
OSV
added 2016/06/10 1:59 a.m.3 views

CVE-2016-4326

The Chef Manage formerly opscode-manage add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie...

9.8CVSS6.1AI score0.04194EPSS
Exploits0References1
CNVD
CNVD
added 2016/05/22 12:0 a.m.4 views

Chef Manage cookie data arbitrary code execution vulnerability

Chef is a management system that targets IT professionals and provides configuration management and automation capabilities for the entire infrastructure.Chef Manage is an enterprise-grade Chef plug-in. Chef Manage fails to properly validate user-supplied cookie data, allowing remote attackers to...

9.8CVSS8AI score0.04194EPSS
Exploits0References1
CERT
CERT
added 2016/05/17 12:0 a.m.45 views

Chef Manage deserializes cookie data insecurely

Overview Chef Manage add-on, version 1.11.4 and earlier, deserializes cookie data insecurely, which may be leveraged to gain unauthenticated remote code execution. Description CWE-502: Deserialization of Untrusted Data - CVE-2016-4326Chef with the Chef Manage previously known as 'opscode-manage'...

9.8CVSS10AI score0.04194EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2016/02/21 12:0 a.m.38 views

PEAR LiveUser < 0.16.8 - Arbitrary File Access

PEAR LiveUser Arbitrary File Access Vendor: Markus Wolff Product: PEAR LiveUser Version: options'cookie''name'; if strlen$cookieData deleteRememberCookie; $this-stack-pushLIVEUSERERRORCOOKIE, 'error', array, 'Wrong data in cookie store in LiveUser::readRememberMeCookie'; return false; $storeid =...

6.4CVSS6.7AI score0.03918EPSS
Exploits2
OSV
OSV
added 2016/01/31 6:59 p.m.3 views

CVE-2016-1939

Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208...

5.3CVSS6.9AI score0.01765EPSS
Exploits0References8
CERT
CERT
added 2015/11/03 12:0 a.m.63 views

Commvault Edge Server deserializes cookie data insecurely

Overview Commvault Edge Server, version 10 R2, deserializes untrusted, user-provided cookie data, resulting in arbitrary OS command execution with the web server's privileges. Description CWE-502: Deserialization of Untrusted Data - CVE-2015-7253Commvault Edge Server, version 10 R2, deserializes...

10CVSS7.7AI score0.04319EPSS
Exploits0References3
CNVD
CNVD
added 2015/09/27 12:0 a.m.3 views

IBM WebSphere eXtreme Scale Information Disclosure Vulnerability

IBM WebSphere eXtreme Scale is a distributed caching solution. IBM WebSphere Extreme Scale does not set a security flag for session cookies in SSL mode, allowing remote attackers to obtain cookie information by intercepting HTTP sessions...

4.3CVSS6.5AI score0.01229EPSS
Exploits0References1
Prion
Prion
added 2014/11/18 11:59 a.m.18 views

Information disclosure

The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors...

5CVSS5.8AI score0.01492EPSS
Exploits0References7Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Ultimate Bulletin Board 6.0/6.2 UBBER Cookie HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8212/info Ultimate Bulletin Board has been reported prone to a HTML injection vulnerability. The issue likely presents itself due to a lack of sanitization performed on cookie data. It has been reported that a remote...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.9 views

427BB 2.2 Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16178/info 427BB is prone to an authentication bypass vulnerability. This issue is due to a failure in the application to properly validate user-supplied data. An attacker can exploit this issue to bypass the authenticati...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

RakhiSoftware Shopping Cart product.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/32563/info RakhiSoftware Shopping Cart is prone to multiple remote vulnerabilities. Exploiting these issues can allow attackers to obtain sensitive information, steal cookie data, access or modify data, or exploit latent...

7.1AI score
Exploits0
Drupal
Drupal
added 2014/01/22 12:0 a.m.16 views

SA-CONTRIB-2014-004 - Secure Cookie Data - Faulty Hashing

This module allows for storing data securely in a cookie through implementing the Secure Cookie Protocol. Ability to alter trusted data in the cookie The module did an incorrect comparison of the HMAC value, allowing a bypass of the HMAC verification which allows changing the cookie value. Known...

7AI score
Exploits0References14
Packet Storm
Packet Storm
added 2012/11/13 12:0 a.m.64 views

Invision IP.Board 3.3.4 unserialize() PHP Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/exploit/phpexe' class Metasploit3...

10CVSS0.7AI score0.26049EPSS
Exploits15
Packet Storm
Packet Storm
added 2011/09/23 12:0 a.m.33 views

Zyncro Cross Site Scripting / SQL Injection

============================================= INTERNET SECURITY AUDITORS ALERT 2011-003 - Original release date: 13th September 2011 - Last revised: 22nd September 2011 - Discovered by: Ferran Pichel - Severity: 7.5/10 CVSSv2 Base Scored ============================================= I...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2010/12/25 12:0 a.m.14 views

Babil CMS Insecure Cookie Handling

=================================================== Babilcms Exploit database separated by exploit 3 3 type local, remote, DoS, etc. 3 7 7 1 + Site : 1337db.com 1 3 + Support e-mail : submitat1337db.com 3 3 3 7 7 1 I'm KnocKout 1337 Member from 1337 DataBase 1 3 3 3 3...

7.4AI score
Exploits0
Rows per page
Query Builder