499 matches found
CVE-2008-2134
CVE-2008-2134 affects the Journal module in Tru-Zone Nuke ET 3.x. An attacker can remotely obtain access to arbitrary user accounts and modify or delete data by supplying a modified username in an unspecified cookie. The vulnerability is documented in multiple sources (NVD entry CVE-2008-2134). T...
php cross-site cookie insertion
The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...
CVE-2003-1492
CVE-2003-1492 affects Netscape Navigator 7.0.2 and Mozilla, where an HTTP request to a domain with a trailing dot can cause cross-domain cookie access. The connected ROSA advisory lists this CVE as Fixed and notes remediation as updating Firefox (DNF command reference: sudo dnf update firefox). T...
RevokeBB 1.0 RC4 - Blind SQL Injection / Hash Retrieve
!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love ------------------------------------------------------------- "; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.="...
Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit
No description provided by source. ?php errorreportingEALL; $normdelay = 0; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // WordPress 2.1.3 "admin-ajax.php" sql injection blind fishing exploit //...
CVE-2006-3837
CVE-2006-3837 affects the Guestbook component of Professional Home Page Tools. The vulnerable code path in the delcookie.php script alters a cookie’s expiration date instead of deleting its value, enabling an attacker to more easily retrieve the cookie and, after logout, obtain the administrator’...
WebAlbum 2.02pl - COOKIE[skin2] Remote Code Execution
!/usr/bin/php -q -d shortopentag=on this works with magicquotesgpc=Off\r\n"; echo "dork: WEBalbum 2004-2006 duda\r\n"; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendec...
CVE-2005-0157
The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned...
CVE-2004-0871
CVE-2004-0871 refers to a cross security boundary cookie injection issue in which cookies set over HTTP can be presented to HTTPS in the same domain (the cookie domain attribute can enable leakage across secure boundaries). The connected documentation attributes this to multiple browsers (Interne...
CVE-2004-0866
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session...
CVE-2004-2578
phpGroupWare before 0.9.16.002 transmits the 1 header admin and 2 setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords...
CVE-2004-0867
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected...
Important: Red Hat Security Advisory: : Updated kdelibs packages resolve cookie security issue
Updated kdelibs packages that fix a flaw in cookie path handling are now available. Konqueror is a file manager and Web browser for the K Desktop Environment KDE. Flaws have been found in the cookie path handling between a number of Web browsers and servers. The HTTP cookie standard allows a Web...
CVE-2003-1454
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access...
CVE-2003-0692
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session...
DSA-388 kdebase - several vulnerabilities
Bulletin has no description...
MailMaxWeb Cookie Application Path Disclosure
The remote server is running MailMaxWeb, a webmail application. The version running on the remote host stores the absolute path of this install in the cookie. A remote attacker could use this information to mount further attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
IkonBoard v3.1.1: arbitrary command execution
============================================================================ Vulnerable: IkonBoard 3.1.1 and probably earlier Category: Perl/CGI coding errors Impact: Arbitrary command execution Date: 1st April 2003 Vendor: The Jarvis Group Homepage: http://www.ikonboard.com/ Vendor Status: First...
PT-2001-2622 · Twig · Twig Webmail
Name of the Vulnerable Software and Affected Versions: TWIG webmail versions 2.7.4 and earlier Description: The default "basic" security setting in config.php for TWIG webmail stores cleartext usernames and passwords in cookies. This could allow attackers to obtain authentication information and...