Lucene search
+L

499 matches found

cve
cve
added 2008/05/09 6:0 p.m.41 views

CVE-2008-2134

CVE-2008-2134 affects the Journal module in Tru-Zone Nuke ET 3.x. An attacker can remotely obtain access to arbitrary user accounts and modify or delete data by supplying a modified username in an unspecified cookie. The vulnerability is documented in multiple sources (NVD entry CVE-2008-2134). T...

6.8CVSS6.8AI score0.01202EPSS
Exploits0References5Affected Software1
redhat
redhat
added 2007/10/25 5:33 p.m.5 views

php cross-site cookie insertion

The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...

4.3CVSS6AI score0.07919EPSS
Exploits0References4
cve
cve
added 2007/10/24 11:0 p.m.94 views

CVE-2003-1492

CVE-2003-1492 affects Netscape Navigator 7.0.2 and Mozilla, where an HTTP request to a domain with a trailing dot can cause cross-domain cookie access. The connected ROSA advisory lists this CVE as Fixed and notes remediation as updating Firefox (DNF command reference: sudo dnf update firefox). T...

5CVSS6.5AI score0.01202EPSS
Exploits1References3Affected Software2
exploitdb
exploitdb
added 2007/06/01 12:0 a.m.34 views

RevokeBB 1.0 RC4 - Blind SQL Injection / Hash Retrieve

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love ------------------------------------------------------------- "; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.="...

7.4AI score
Exploits0
seebug
seebug
added 2007/05/22 12:0 a.m.37 views

Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit

No description provided by source. ?php errorreportingEALL; $normdelay = 0; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // WordPress 2.1.3 "admin-ajax.php" sql injection blind fishing exploit //...

7.1AI score
Exploits0
cve
cve
added 2006/07/25 1:0 a.m.44 views

CVE-2006-3837

CVE-2006-3837 affects the Guestbook component of Professional Home Page Tools. The vulnerable code path in the delcookie.php script alters a cookie’s expiration date instead of deleting its value, enabling an attacker to more easily retrieve the cookie and, after logout, obtain the administrator’...

5CVSS7AI score0.01138EPSS
Exploits0References5Affected Software1
exploitdb
exploitdb
added 2006/03/25 12:0 a.m.38 views

WebAlbum 2.02pl - COOKIE[skin2] Remote Code Execution

!/usr/bin/php -q -d shortopentag=on this works with magicquotesgpc=Off\r\n"; echo "dork: WEBalbum 2004-2006 duda\r\n"; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendec...

7.4AI score
Exploits0
nvd
nvd
added 2005/05/03 4:0 a.m.16 views

CVE-2005-0157

The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned...

7.5CVSS6.5AI score0.012EPSS
Exploits0References1
cve
cve
added 2005/02/13 5:0 a.m.61 views

CVE-2004-0871

CVE-2004-0871 refers to a cross security boundary cookie injection issue in which cookies set over HTTP can be presented to HTTPS in the same domain (the cookie domain attribute can enable leakage across secure boundaries). The connected documentation attributes this to multiple browsers (Interne...

5CVSS6.6AI score0.01139EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2005/02/13 5:0 a.m.51 views

CVE-2004-0866

Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session...

6.8AI score0.10075EPSS
Exploits0References4
nvd
nvd
added 2004/12/31 5:0 a.m.17 views

CVE-2004-2578

phpGroupWare before 0.9.16.002 transmits the 1 header admin and 2 setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords...

5CVSS6.7AI score0.01425EPSS
Exploits0References4
cvelist
cvelist
added 2004/09/24 4:0 a.m.31 views

CVE-2004-0867

Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected...

6.9AI score0.17183EPSS
Exploits0References7
redhat
redhat
added 2004/03/10 2:37 p.m.8 views

Important: Red Hat Security Advisory: : Updated kdelibs packages resolve cookie security issue

Updated kdelibs packages that fix a flaw in cookie path handling are now available. Konqueror is a file manager and Web browser for the K Desktop Environment KDE. Flaws have been found in the cookie path handling between a number of Web browsers and servers. The HTTP cookie standard allows a Web...

7.5CVSS5.8AI score0.04409EPSS
Exploits1
nvd
nvd
added 2003/12/31 5:0 a.m.11 views

CVE-2003-1454

Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access...

5CVSS7AI score0.01218EPSS
Exploits0References4
nvd
nvd
added 2003/10/06 4:0 a.m.23 views

CVE-2003-0692

KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session...

7.5CVSS6.4AI score0.02678EPSS
Exploits0References9
osv
osv
added 2003/09/19 12:0 a.m.30 views

DSA-388 kdebase - several vulnerabilities

Bulletin has no description...

10CVSS6AI score0.02678EPSS
Exploits0
nessus
nessus
added 2003/05/07 12:0 a.m.18 views

MailMaxWeb Cookie Application Path Disclosure

The remote server is running MailMaxWeb, a webmail application. The version running on the remote host stores the absolute path of this install in the cookie. A remote attacker could use this information to mount further attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

5.6AI score
Exploits0References1
securityvulns
securityvulns
added 2003/04/05 12:0 a.m.43 views

IkonBoard v3.1.1: arbitrary command execution

============================================================================ Vulnerable: IkonBoard 3.1.1 and probably earlier Category: Perl/CGI coding errors Impact: Arbitrary command execution Date: 1st April 2003 Vendor: The Jarvis Group Homepage: http://www.ikonboard.com/ Vendor Status: First...

0.3AI score
Exploits0
ptsecurity
ptsecurity
added 2001/12/31 12:0 a.m.11 views

PT-2001-2622 · Twig · Twig Webmail

Name of the Vulnerable Software and Affected Versions: TWIG webmail versions 2.7.4 and earlier Description: The default "basic" security setting in config.php for TWIG webmail stores cleartext usernames and passwords in cookies. This could allow attackers to obtain authentication information and...

7.5CVSS6.3AI score0.01115EPSS
Exploits0References5
Rows per page
Query Builder