7 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-6873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.getsignedcookie in Django uses a non-injective salt derivation...
tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments
A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...
RHEL 10 : libsoup3 (RHSA-2025:21032)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21032 advisory. Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup,...
EUVD-2015-1232
Malware in sbrugna...
PT-2023-10322 · Devise · Devise
Name of the Vulnerable Software and Affected Versions: Devise versions prior to 3.5.4 Description: The issue concerns the mishandling of Remember Me cookies for sessions, potentially allowing an adversary to gain unauthorized persistent application access. Specifically, the Devise gem generates t...
D-Link DAP-1330 Certification Bypass Vulnerability
The D-Link DAP-1330 is an N300 Wi-Fi range extender. An authentication bypass vulnerability exists in the handling of HNAP login requests in the D-Link DAP-1330 1.10B01 BETA. The vulnerability stems from a lack of proper cookie handling. An attacker could exploit the vulnerability to execute...
Mandrake Linux Security Advisory : mozilla (MDKSA-2004:021)
A number of vulnerabilities were discovered in Mozilla 1.4 : A malicious website could gain access to a user's authentication credentials to a proxy server. Script.prototype.freeze/thaw could allow an attacker to run arbitrary code on your computer. A vulnerability was also discovered in the NSS...