11 matches found
EUVD-2024-3106
Malicious code in bioql PyPI...
cookie accepts cookie name, path, and domain with out of bounds characters
Impact: The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, serialize"userName=alert'XSS3'; Max-Age=2592000; a", value would result in "userName=alert'XSS3'; Max-Age=2592000; a=test", setting userName cookie to and ignoring value. ...
PT-2024-25188 · Asus · Asus Rt-Ax88U
Name of the Vulnerable Software and Affected Versions: ASUS RT-AX88U router firmware versions 3.0.0.4.388 24198 Description: The issue is related to a Buffer Overflow that allows a remote attacker to execute arbitrary code. This is due to improper length validation for the cookie field in the...
Discuz! ML arbitrary code execution vulnerability alert - vulnerability alert - the black bar safety net
On July 11, 2019, a PoC for a Discuz! ML remote code execution vulnerability appeared online. Analysis and verification by Sangfor security researchers found that an attacker can use the language parameter in the cookie field of the request to insert arbitrar...
CVE-2018-15701
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field...
CVE-2018-15701
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field...
Authentication flaw
BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphpusername field in a cookie...
Cross-site HTTP session hijacking - vulnerability warning - the black bar safety net
A web application has two ways to identify and keep track of different users: a Cookie or a Session (also called a session cookie). The Cookie is stored on the local computer and has a very long expiration time, so attacks against Cookies generally aim to steal user Cookies and...
SQL injection
Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) forumid, or (3) threadid parameter to index.php; the (4) ICQ, (5) AIM, (6) MSN, (7) Google Talk, (8) Website Name, (9) Website Address, (10) Email Address, (11) Location, (12) Signatur...
CVE-2006-1811
Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) forumid, or (3) threadid parameter to index.php; the (4) ICQ, (5) AIM, (6) MSN, (7) Google Talk, (8) Website Name, (9) Website Address, (10) Email Address, (11) Location, (12) Signatur...
CVE-2002-1831
Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field...