21 matches found
[SECURITY] Fedora 41 Update: rust-cookie_store-0.21.1-1.fc41
Implementation of Cookie storage and retrieval...
[SECURITY] Fedora 42 Update: rust-cookie_store-0.21.1-1.fc42
Implementation of Cookie storage and retrieval...
CVE-2024-11638
The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog, which could allow unauthenticated attackers to retrieve a logged-in user's cookies (such as an admin's) by making them open a crafted URL, as the request made to analyse the URL contain...
PT-2024-40831 · Git +1 · Lwan
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is a crash caused by a segmentation fault on an unknown address. The crash occurs in the lwan request get cookie function, which is...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code in a webpage in order to retrieve information stored in cookies. This is not the same vulnerability as identified in CVE-2023-37530...
CVE-2023-5590
A null pointer dereference flaw was found in Selenium IEDriver. This issue causes the driver to crash when Selenium gets the cookies from an attacker-controlled page, which could leave the application unavailable. Mitigation: No mitigation is currently known for the IE Driver. If possible, opt for...
Cross-Site Request Forgery in OWASP CSRFGuard
In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token...
GHSA-JX66-5WW9-M6Q4 Cross-Site Request Forgery in OWASP CSRFGuard
In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token...
LocalTapiola: Cookie exfiltration through XSS on the main search request of www.lahitapiola.fi
Basic report information. Summary: Adding extra search parameters generates the creation of new input fields which can be escaped, thus generating HTML injection possibilities, Cross-Site Scripting attacks, and the retrieval of the page's cookies. Description: Observing the Bug. I was researching...
Cross site request forgery (csrf)
In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token...
WordPress Plugin Cookie Law Bar 1.2.1 - 'clb_bar_msg' Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Cookie Law Bar 1.2.1 - 'clb_bar_msg' Stored Cross-Site Scripting (XSS). Date: 2021-05-24. Exploit Author: Mesut Cetin. Vendor Homepage: https://www.cookielawinfo.com/wordpress-plugin/ Software Link: https://wordpress.org/plugins/cookie-law-bar/ Version: 1.2.1. Tested on:...
WordPress Loginizer log SQLi Scanner
The Loginizer WordPress plugin contains an unauthenticated time-based SQL injection in versions before 1.6.4. The vulnerable parameter is the log parameter. WordPress has forced updates of the plugin to all servers. Module Options: msf use auxiliary/scanner/http/wp_loginizer_log_sqli msf...
Peplink Balance routers SQLi
Firmware versions up to 7.0.0-build1904 of Peplink Balance routers are affected by an unauthenticated SQL injection vulnerability in the bauth cookie; successful exploitation of the vulnerability allows an attacker to retrieve the cookies of authenticated users, bypassing the web portal...
Lk Scraper - A Fully Configurable LinkedIn Scraper (Scrape Anything Within LinkedIn)
Scrapes any LinkedIn data. Installation: $ pip install git+git://github.com/jqueguiner/lkscraper Setup using Docker Compose: $ docker-compose up -d $ docker-compose run lkscraper python3 Using Docker only for the Selenium server: First, you need to run a Selenium server: $ docker run -d -p 4444:4444...
CyberArk Password Vault 10.6 - Authentication Bypass Vulnerability
Exploit for the Linux platform in the web applications category. Exploit Title: CyberArk Password Vault 10.6 - Authentication Bypass. Author: Daniel Martinez Adan (adon90). Vendor: https://www.cyberark.com Software:...
Design/Logic Flaw
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account...
Outblaze Webmail 0 HTML Injection Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/10756/info Outblaze Webmail is reported prone to an HTML injection vulnerability because the application fails to properly sanitize user-supplied HTML email content. An attacker may be able to inject HTML and script code...
XSSYA - Cross Site Scripting Scanner & Vulnerability Confirmation
XSSYA works by first sending the payload encoded to bypass a Web Application Firewall (Method 1: request and response). If the server responds with 200, it moves to Method 2, which searches for the decoded payload in the web page's HTML code. If that is confirmed, the last step is to execute document.cookie to get the...
ebay-xss.txt
I am still Fugitif, and now I want to show you how one vulnerable XSS alert bug on Ebay.com can work. To be more precise, our link now is http://togo.ebay.com Ok.. My XSS alert can be found here: http://togo.ebay.com/affiliates/create/ (screenshot: http://funkyimg.com/u/20862ebay1JPG.jpg) I go to select one...
Captaris (Infinite) WebMail XSS
I figured it was about time I hopped on the XSS bandwagon. The Captaris (www.captaris.com) Infinite WebMail application is vulnerable to Cross-Site Scripting (XSS) attacks. The application fails to filter the following tags, which can both be used to redirect a user to an attack script: Launch on e-mail...