31 matches found
EUVD-2008-3160
Malware in sbrugna...
EUVD-2004-0865
Malware in sbrugna...
BIT-LIBPHP-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications...
CVE-2025-4035
A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...
SUSE CVE-2014-3620
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain...
SUSE CVE-2017-7837
SVG loaded through `<img>` tags can use `<meta>` tags within the SVG data to set cookies for that page. This vulnerability affects Firefox 57...
CVE-2023-23849
Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same subdomain can set a cookie for the whole subdomain, which can be used to bypass other mitigations in place for malicious purposes...
Scrapy cookie-setting is not restricted based on the public suffix list
Impact: Responses from domain names whose public domain name suffix contains one or more periods (e.g. responses from example.co.uk, whose public domain name suffix is co.uk) are able to set cookies that are included in requests to any other domain sharing the same domain name suffix. Patches...
GHSA-MFJM-VH54-3F96 Scrapy cookie-setting is not restricted based on the public suffix list
Impact: Responses from domain names whose public domain name suffix contains one or more periods (e.g. responses from example.co.uk, whose public domain name suffix is co.uk) are able to set cookies that are included in requests to any other domain sharing the same domain name suffix. Patches...
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Snapshot for VMware (CVE-2019-4304, CVE-2019-4305, CVE-2019-4441, CVE-2014-3603)
Summary: Security vulnerabilities in WebSphere Application Server Liberty, such as spoofing, obtaining sensitive information, and bypassing security restrictions, affect IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware. Vulnerability Details: CVEID: CVE-2019-4304...
Security Bulletin: WebSphere Application Server improper cookie setting vulnerability affects IBM Control Center (CVE-2019-4305)
Summary: WebSphere Application Server in IBM Control Center could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. Vulnerability Details: CVEID: CVE-2019-4305 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote attacker to...
PYSEC-2018-80
aio-libs aiohttp-session contains a Session Fixation vulnerability in the `load_session` function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. This attack appears to be exploitable via any method that...
OWASP Joomla Vulnerability Scanner Project: JoomScan
OWASP JoomScan (short for Joomla Vulnerability Scanner) is an open-source project written in Perl to detect and analyse Joomla CMS vulnerabilities. If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is your best shot ever! This project is faster than ever and...
Firefox SVG Cross-Domain Cookie Setting (CVE-2016-9078)
A cross-domain cookie vulnerability exists in Firefox. The vulnerability is due to the way that Firefox handles cookie creation. A successful attack could lead to execution of arbitrary code on the affected system...
Shopify: Setting Arbitrary Cookie at kitcrm.com
Hey, the src parameter of Image is not being sanitized, which allows me to set cookies at kitcrm.com. Proof of Concept: 1. Create a post at https://kitcrm.com/pages/ID/manualposts/new 2. Select Schedule for Later 3. Go to Scheduled Posts https://kitcrm.com/pages/ID/manualposts 4. Click Edit on your...
Security vulnerabilities fixed in Firefox 50.0.1 — Mozilla
Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the...
DEBIAN-CVE-2014-3620
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain...
CVE-2014-3620
The provided connected sources confirm CVE-2014-3620: cURL/libcURL could allow a remote attacker to bypass security restrictions by setting cookies for Top Level Domains (TLDs). Affected are curl/libcurl prior to the fix; the issue enables a cookie to be set for a TLD (for example ".me."), and th...
USN-2346-1 curl vulnerabilities
Tim Ruehsen discovered that curl incorrectly handled partial literal IP addresses. This could lead to the disclosure of cookies to the wrong site, and malicious sites being able to set cookies for others. (CVE-2014-3613) Tim Ruehsen discovered that curl incorrectly allowed cookies to be set for Top...
IBM Algorithmics RICOS 4.5.0 4.7.0 - Multiple Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory. title: Multiple severe vulnerabilities; product: IBM Algorithmics RICO...