159 matches found
CVE-2023-0232
The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection...
SUSE CVE-2005-2148
Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the...
SUSE CVE-2022-27776
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number...
CVE-2022-22330
IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126...
ALPINE-CVE-2022-32207
When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the...
DEBIAN-CVE-2022-32207
When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the...
CVE-2021-20355
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891...
CVE-2022-27776
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number...
SUSE-SU-2022:1717-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe bsc1192153. - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite bsc1191963. - CVE-2021-32804: Fixed...
SUSE-SU-2022:1694-1 Security update for nodejs8
This update for nodejs8 fixes the following issues: - CVE-2021-44906: Fixed prototype pollution in npm dependency bsc1198247. - CVE-2021-44907: Fixed insuficient sanitation in npm dependency bsc1197283. - CVE-2022-0235: Fixed passing of cookie data and sensitive headers to different hostnames in...
CURL-CVE-2022-27776 Auth/cookie leak on redirect
curl might leak authentication or cookie header data on HTTP redirects to the same host but another port number. When asked to send custom headers or cookies in its HTTP requests, curl sends that set of headers only to the host which name is used in the initial URL, so that redirects to other hos...
CVE-2022-24757 Sensitive Auth & Cookie data stored in Jupyter server logs
The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are...
Mageia: Security Advisory (MGASA-2016-0423)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-37267
Cross Site Scripting XSS vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information...
IBM Guardium Data Encryption 信息泄露漏洞
IBM Security Guardium Data Encryption is an American IBM software for securing sensitive data within an organization. The software protects assets located in cloud, virtual, big data and physical environments by controlling access to databases, files, applications and containers. An information...
PHPGurukul Hospital Management System Cross-Site Scripting Vulnerability
PHPGurukul Hospital Management System is a web application for hospitals to manage doctors and patients. A persistent cross-site scripting vulnerability exists in \hms\admin\appointment-history.php in PHPGurukul Hospital Management System version 4.0. A remote attacker can exploit this...
CVE-2020-22167
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data...
Cross site scripting
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data...
CVE-2020-22167
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data...
CVE-2020-22167
PHPGurukul Hospital Management System v4.0 contains a persistent cross-site scripting (XSS) vulnerability in hms/admin/appointment-history.php. The issue allows remote registered users to exploit the page to obtain user cookie data, indicating an information disclosure risk via stored or reflecte...