20 matches found
EUVD-2019-0755
Malware in sbrugna...
EUVD-2021-16417
Malware in sbrugna...
EUVD-2022-4488
Malicious code in bioql PyPI...
CVE-2025-10859
Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs This vulnerability affects Firefox for iOS 143.1...
CVE-2021-29958
When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS 34...
GHSA-9JH5-QF84-X6PR Contao: Possible cookie sharing with external domains while checking protected pages for broken links
Impact If the crawler is set to crawl protected pages, it sends the cookie header to externals URLs. Patches Update to Contao 4.13.40 or 5.3.4. Workarounds Disable crawling protected pages. References https://contao.org/en/security-advisories/session-cookie-disclosure-in-the-crawler For more...
Contao: Possible cookie sharing with external domains while checking protected pages for broken links
Impact If the crawler is set to crawl protected pages, it sends the cookie header to externals URLs. Patches Update to Contao 4.13.40 or 5.3.4. Workarounds Disable crawling protected pages. References https://contao.org/en/security-advisories/session-cookie-disclosure-in-the-crawler For more...
CVE-2024-28235 Contao possible cookie sharing with external domains while checking protected pages for broken links
Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Cont...
CVE-2024-28235 Contao possible cookie sharing with external domains while checking protected pages for broken links
Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Cont...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1172)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : curl (2023-2121eca964)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-2121eca964 advisory. - fix HSTS long file name clears contents CVE-2023-46219 - fix cookie mixed case PSL bypass CVE-2023-46218 Tenable has extracted the preceding...
Authorization header leak on port redirect in mechanize
Summary Mechanize rubygem Cookies do not provide isolation by port. If a cookie is readable by a service running on one port, the cookie is also readable by a service running on another port of the same server. If a cookie is writable by a service on one port, the cookie is also writable by a...
Insecure cookie sharing in Hawtio
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store cookies are stored locally and are not passed between the client and the end URL which means all clients using that proxy are sharing the same cookies...
February 15, 2022—KB5010421 (OS Build 20348.558) Preview
February 15, 2022—KB5010421 OS Build 20348.558 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find...
February 15, 2022—KB5010414 (OS Build 22000.527) Preview
February 15, 2022—KB5010414 OS Build 22000.527 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11 original release, see its update history page.Note Follow @WindowsUpdate ...
Code injection
When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS 34...
CVE-2021-29958
When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS 34...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Firefox for Android suffers from a security vulnerability that stems from a cookie set when downloading a file being shared between normal and private browsing modes. No details of the vulnerability ar...
CVE-2017-2589
It was discovered that the hawtio servlet uses a single HttpClient instance to proxy requests with a persistent cookie store cookies are stored locally and are not passed between the client and the end URL which means all clients using that proxy are sharing the same cookies...
PHPWIND 8.7 手机版 CSRF
简要描述: 手机版的CSRF漏洞,由于手机版和电脑版共用cookie,所以对电脑版也有效 详细说明: 手机版“退出”链接为 index.php?a=quit 帖子内容写: imghttp://xxxxxxx/m/index.php?a=quit/img 看帖后即被退出 漏洞证明: 本地测试成功退出...