20 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-16018

Malware in sbrugna...

CVSS 4.3 | AI score 6.5 | EPSS 0.04635
Exploits: 0 | References: 12

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-46436

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 7.3 | EPSS 0.00449
Exploits: 0 | References: 2

CNNVD
added 2025/09/12 12:0 a.m. | 0 views

curl security vulnerability

curl is a cURL open source tool for transferring data from or to a server. A security vulnerability exists in curl that stems from a heap buffer boundary read error in the path comparison logic, which could lead to a crash or a security cookie being overwritten by a plaintext site...

CVSS 7.5 | AI score 7.3 | EPSS 0.00275
Exploits: 1 | References: 8

Tenable Nessus
added 2025/08/25 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-4232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTun...

CVSS 4.3 | AI score 6.5 | EPSS 0.04635
Exploits: 0 | References: 2

Snyk
added 2025/03/12 10:6 p.m. | 1 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview flarum/core is a simple discussion platform for your website. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via authoritative subdomain cookie overwrite. An attacker controlling a...

CVSS 7.6 | AI score 6.8 | EPSS 0.00377
Exploits: 0 | References: 2

Github Security Blog
added 2025/03/12 10:6 p.m. | 12 views

Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite

Summary A session hijacking vulnerability exists when an attacker-controlled authoritative subdomain under a parent domain e.g., subdomain.host.com sets cookies scoped to the parent domain .host.com. This allows session token replacement for applications hosted on sibling subdomains e.g.,...

CVSS 6.8 | AI score 6.8 | EPSS 0.00377
Exploits: 0 | References: 5 | Affected Software: 2

Snyk
added 2025/03/12 10:6 p.m. | 2 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via authoritative subdomain cookie overwrite. An attacker controlling a subdomain under the parent domain can set cookies scoped to the...

CVSS 7.6 | AI score 6.9 | EPSS 0.00377
Exploits: 0 | References: 2

OSV
added 2025/03/12 10:6 p.m. | 8 views

GHSA-HG9J-64WP-M9PX Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite

Summary A session hijacking vulnerability exists when an attacker-controlled authoritative subdomain under a parent domain e.g., subdomain.host.com sets cookies scoped to the parent domain .host.com. This allows session token replacement for applications hosted on sibling subdomains e.g.,...

CVSS 6.8 | AI score 6.6 | EPSS 0.00377
Exploits: 0 | References: 5

Vulnrichment
added 2025/03/12 2:0 p.m. | 7 views

CVE-2025-27794 Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite

Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain e.g., subdomain.host.com sets cookies scoped to the parent domain .host.com. This allows session token replacement f...

CVSS 6.8 | AI score 7 | EPSS 0.00377
Exploits: 0 | References: 3

Cvelist
added 2025/03/12 2:0 p.m. | 13 views

CVE-2025-27794 Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite

Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain e.g., subdomain.host.com sets cookies scoped to the parent domain .host.com. This allows session token replacement f...

CVSS 6.8 | EPSS 0.00377
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:32 a.m. | 2 views

SUSE CVE-2018-4232

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote...

CVSS 6.5 | AI score 6 | EPSS 0.04635
Exploits: 0 | References: 7

Tenable Nessus
added 2020/10/30 12:0 a.m. | 33 views

openSUSE Security Update : php7 (openSUSE-2020-1767)

This update for php7 fixes the following issues: - CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt function with 12 bytes IV, only first 7 bytes of the IV was used (bsc#1177351). - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to...

CVSS 6.5 | AI score 6.8 | EPSS 0.26088
Exploits: 1 | References: 5

OSV
added 2020/10/22 8:4 a.m. | 6 views

SUSE-SU-2020:2997-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt function with 12 bytes IV, only first 7 bytes of the IV was used (bsc#1177351). - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to...

CVSS 6.5 | AI score 6.1 | EPSS 0.26088
Exploits: 1 | References: 6

OSV
added 2020/10/12 3:7 p.m. | 7 views

SUSE-SU-2020:2894-1 Security update for php5

This update for php5 fixes the following issues: - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352)...

CVSS 5.3 | AI score 6.4 | EPSS 0.26088
Exploits: 1 | References: 3

OSV
added 2020/09/18 8:50 a.m. | 6 views

SUSE-SU-2020:2678-1 Security update for rubygem-rack

This update for rubygem-rack to version 1.6.13 fixes the following issues: - CVE-2020-8184: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1173351). - CVE-2020-8161: Fixed a directory traversal (bsc#1172037). - CVE-2019-16782: Fixed an...

CVSS 8.6 | AI score 6.4 | EPSS 0.00907
Exploits: 1 | References: 7

OSV
added 2018/06/08 6:29 p.m. | 1 views

DEBIAN-CVE-2018-4232

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote...

CVSS 4.3 | AI score 6 | EPSS 0.04635
Exploits: 0 | References: 1

OSV
added 2018/06/08 12:0 a.m. | 0 views

UBUNTU-CVE-2018-4232

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote...

CVSS 4.3 | AI score 6.8 | EPSS 0.04635
Exploits: 0 | References: 10

CNVD
added 2018/06/04 12:0 a.m. | 2 views

Multiple Apple Products WebKit Cookies Override Vulnerability

Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems. iCloud for Windows is a cloud service based on the Windows platform. WebKit is...

CVSS 4.3 | AI score 6.3 | EPSS 0.04635
Exploits: 0 | References: 1

securityvulns
added 2004/11/15 12:0 a.m. | 24 views

[SNS Advisory No.79] A Possibility of Cookie Overwrite in Microsoft Internet Explorer

---------------------------------------------------------------------- SNS Advisory No.79 A Possibility of Cookie Overwrite in Microsoft Internet Explorer Problem first discovered on: Mon, 01 Sept 2003 Published on: Mon, 15 Nov 2004...

AI score 0.5
Exploits: 0

Cvelist
added 2004/03/18 5:0 a.m. | 16 views

CVE-2004-0342

WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one err...

AI score 5.5 | EPSS 0.00137
Exploits: 1 | References: 5