10 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2001-0001

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.00031
Exploits: 2, References: 3
Cvelist
added 2025/05/09 8:59 p.m., 17 views

CVE-2025-47269 code-server session cookie can be extracted by having user visit specially crafted proxy URL

code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can result in proxying to a...

CVSS 8.3, EPSS 0.00331
Exploits: 0, References: 3
Vulnrichment
added 2025/05/09 8:59 p.m., 9 views

CVE-2025-47269 code-server session cookie can be extracted by having user visit specially crafted proxy URL

code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can result in proxying to a...

CVSS 8.3, AI score 8.2, EPSS 0.00331
Exploits: 0, References: 3
Github Security Blog
added 2025/05/09 7:34 p.m., 19 views

code-server's session cookie can be extracted by having user visit specially crafted proxy URL

Summary A maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Details Failure to properly validate the port for a proxy request can result in proxying to an arbitrary domain. The malicious URL https:///proxy/[email protected]/path would be...

CVSS 8.3, AI score 7, EPSS 0.00331
Exploits: 0, References: 5, Affected Software: 1
Packet Storm
added 2024/08/31 12:0 a.m., 199 views

MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection", 'Description' = %q This module exploits a universal cross-site...

CVSS 4.3, AI score 7, EPSS 0.88552
Exploits: 5
GithubExploit
added 2024/04/24 2:21 p.m., 489 views

Exploit for Improper Input Validation in Paloaltonetworks Pan-Os

CVE-2024-3400-pot Simple honeypot for CVE-2024-3400 Palo Alto...

CVSS 10, AI score 10, EPSS 0.94323
Exploits: 43
Prion
added 2021/08/31 5:15 a.m., 6 views

Cross site scripting

An issue was discovered in Form Tools through 3.0.20. When an administrator creates a customer account, it is possible for the customer to log in and proceed with a change of name and last name. However, these fields are vulnerable to XSS payload insertion, being triggered in the admin panel when...

CVSS 4.3, AI score 6, EPSS 0.01187
Exploits: 1, References: 4, Affected Software: 1
ATTACKERKB
added 2020/03/16 12:0 a.m., 10 views

Chrome Cookie Extraction

Extract cookies from Chrome using Chrome’s Remote Debugging Protocol Recent assessments: 0xEmma at March 15, 2020 7:03pm UTC reported: Although this can lead to cookie leaks, the typical session cookie expires. And the complexity of this attack requires local access to a system, which, generally...

AI score 2.4
Exploits: 0, References: 3
0day.today
added 2012/11/12 12:0 a.m., 20 views

vBulletin vBay <=1.1.9 Error-Based SQL Injection

Exploit for php platform in category web applications !/usr/bin/env python -W ignore::DeprecationWarning """ VBay input variable "type" being assigned with the datatype NOHTML. Using this data type allows malicious attacks to still be executed. At line 448, it is used within the insert into...

AI score 7.1
Exploits: 0
NVD
added 2001/06/02 4:0 a.m., 12 views

CVE-2001-0001

cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie...

CVSS 7.5, AI score 6.6, EPSS 0.00031
Exploits: 2, References: 2