159 matches found
Red Hat Ceph跨站脚本漏洞
Red Hat Ceph is a Linux petabyte-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system without a single point of failure based on POSIX Portable Operating System Interface, enabling fault-tolerant and seamless replication of data. A...
Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking
Makers of the Chrome, Firefox and Edge browsers are urging users to patch critical vulnerabilities that if exploited allow hackers to hijack systems running the software. The Mozilla Firefox vulnerability CVE-2020-16044 is separate from a bug reported in Google’s browser engine Chromium, which is...
IBM Cloud Pak for Security Information Disclosure Vulnerability (CNVD-2020-68252)
IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. An information disclosure vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. The vulnerability stems from the HTTPOnly flag not...
CVE-2020-4625
IBM Cloud Pak for Security 1.3.0.1CP4S could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie...
IBM Cloud Pak for Security 信息泄露漏洞
IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. An information disclosure vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. The vulnerability stems from the HTTPOnly flag not...
Stored Cross-Site Scripting Vulnerability in CupCMS Member Center
CupCMS is a content management system that integrates video, stars, news, comics, community and more. A stored cross-site scripting vulnerability exists in CupCMS Member Center, which can be exploited by attackers to obtain sensitive information such as user cookies...
CVE-2019-20849
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout...
CVE-2019-20849
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout...
Design/Logic Flaw
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout...
CVE-2019-20849
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout...
XSS Vulnerability in Website Building System of Guangdong Boon Network Co.
Established on July 10, 2008, Guangdong Boon Network Co., Ltd. is a provider of software and information technology services. There is an XSS vulnerability in the website builder system of Guangdong Boon Network Co. Ltd, which can be exploited by attackers to obtain user's cookie information...
Denial Of Service (DoS)
firefox is vulnerable to denial of service. Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious web site that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly...
Denial Of Service (DoS)
firefox is vulnerable denial of service. Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious web site that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly...
CVE-2020-11557
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value...
CVE-2020-4289
IBM Security Information Queue ISIQ 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications IDNA, which may result in a wrong domain name specifically the netloc component of URL - user@domain:port bei...
The vulnerability of the websSecurityHandler function in the MOXA EDR-810 industrial router’s web server allows a hacker to execute arbitrary code.
The vulnerability of the websSecurityHandler function offset 0x1B4B0 in the web server jffs2-root\fs1\magicP\WebServer\webs of the MOXA EDR-810 industrial router is caused by the lack of checking the size of the data being copied into a buffer of 0x200 bytes. Exploiting this vulnerability allows ...
The vulnerability in the FortiOS operating system’s web interface allows a hacker to bypass the verification of the "APSCOOKIE" cookie parameter.
The vulnerability in the FortiOS operating system’s web interface is related to the absence of the necessary encryption step. Exploiting this vulnerability allows a malicious actor to bypass the verification of the “APSCOOKIE” cookie parameter, which is used to protect information transmitted via...
python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc
A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies,...
bootstrap: XSS in the affix configuration target property
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...