67 matches found
EUVD-2007-1889
Malware in sbrugna...
EUVD-2014-2252
Malware in sbrugna...
EUVD-2014-7707
Malware in sbrugna...
EUVD-2022-4877
Malicious code in bioql PyPI...
CVE-2025-8528 Exrick xboot getMenuList sensitive information in a cookie
A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack remotely. The...
CVE-2025-48951
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.3.1 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially...
CVE-2025-5190
CVE-2025-5190 affects the WordPress plugin Browse As (versions up to 0.2). The issue is an authentication bypass caused by incorrect checking in IS_BA_Browse_As::notice using the is_ba_original_user_COOKIEHASH cookie, enabling authenticated users with subscriber-level privileges or higher to log ...
CVE-2025-5190 Browse As <= 0.2 - Authenticated (Subscriber+) Authentication Bypass via Cookie
The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the 'IS_BA_Browse_As::notice' function with the 'is_ba_original_user_COOKIEHASH' cookie value. This makes it possible for authenticated...
CVE-2024-6535
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...
IBM Datacap Navigator Information Disclosure Vulnerability (CNVD-2024-33370)
IBM Datacap Navigator is a web client for Datacap from International Business Machines (IBM). An information disclosure vulnerability exists in IBM Datacap Navigator that stems from not setting a security attribute on an authorization token or session cookie, which can be exploited by an attacker t...
Exploit for SQL Injection in Wpfastestcache Wp_Fastest_Cache
CVE-2023-6063 PoC Reference - Unauthenticated SQL Inject...
CVE-2023-27570
The eotags package before 1.4.19 for PrestaShop allows SQL injection via a crafted ga cookie...
Unspecified Vulnerability in Business-Dna Solution GmbH TopEase (CNVD-2021-95575)
Business-Dna Solution GmbH TopEase is a "Transformational Risk" solution from Business-Dna Solution GmbH, Switzerland. It is used to manage complex projects and initiatives comprehensively, simply, quickly and securely. A security vulnerability exists in Business-Dna Solution GmbH TopEase, which...
imcat Cross-Site Scripting Vulnerability
imcat is a PHP-based open source website building system. A cross-site scripting vulnerability exists in imcat version 4.4. Remote attackers can use this vulnerability to inject arbitrary Web script or HTML by sending a specially crafted cookie to root/tools/adbug/binfo.php?cookie URI...
zzcms SQL Injection Vulnerability (CNVD-2018-26017)
ZZCMS is a content management system (CMS) used to quickly build merchant-type websites. A SQL injection vulnerability exists in the admin/specialadd.php file in ZZCMS version 8.3. A remote attacker can exploit this vulnerability to obtain the current user name of mysql with the help of zxbigclass...
Shopify: H1514 Extract information about other sites (new sites) through Affiliate/Referral pages
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: This bug is based on a really...
Kaltura - Remote PHP Code Execution over Cookie Exploit
This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hard-coded cookie secret which allows to sign arbitrary cookie data...
CVE-2017-9822
DNN aka DotNetNuke before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 Critical Possible remote code execution on DNN sites."...
EUVD-2016-2653
Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote...
hacklib - Pentesting, Port Scanning, and Logging in anywhere with Python
Toolkit for hacking enthusiasts using Python. hacklib is a Python module for hacking enthusiasts interested in network security. It is currently in active development. Installation: To get hacklib, simply run in command line: pip install hacklib. hacklib also has a user interface. To use it, you ca...