104 matches found
Service Finder Bookings - Authentication Bypass
Service Finder Bookings WordPress plugin = 6.0 contains a privilege escalation caused by improper validation of user cookie in servicefinderswitchback function, letting unauthenticated attackers login as any user including admins. id: CVE-2025-5947 info: name: Service Finder Bookings -...
CVE-2025-67446
Improper Authentication Authentication Bypass exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie value e.g., setting it to "admin", an attacker can bypass the authentication schema and gain...
PT-2026-29142
Name of the Vulnerable Software and Affected Versions WordPress Debugger & Troubleshooter plugin versions through 1.3.2 Description The Debugger & Troubleshooter plugin for WordPress was susceptible to Unauthenticated Privilege Escalation. The plugin accepted the wp debug troubleshoot simulate us...
NewStart CGSL MAIN 6.06 (SP) : dbus Multiple Vulnerabilities (NS-SA-2026-0004)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has dbus packages installed that are affected by multiple vulnerabilities: - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, use...
MiracleLinux 8 : ruby:2.6 (AXSA:2022-3073:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3073:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...
CVE-2018-19224
An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies...
TencentOS Server 3: dbus (TSSA-2022:0097)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0097 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
EUVD-2018-10933
Malware in sbrugna...
EUVD-2013-2445
Malware in sbrugna...
EUVD-2019-4335
Malware in sbrugna...
NewStart CGSL MAIN 6.06 : dbus Multiple Vulnerabilities (NS-SA-2025-0231)
The remote NewStart CGSL host, running version MAIN 6.06, has dbus packages installed that are affected by multiple vulnerabilities: - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, uses o...
CVE-2010-1507
WebYaST in yast2-webclient in SUSE Linux Enterprise SLE 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key...
Cookie Poisoning
Quarkus-HTTP is vulnerable to Cookie Poisoning. The vulnerability is due to improper parsing of cookies with specific value-delimiting characters, allowing attackers to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values...
CVE-2024-12397 Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...
CVE-2023-4639
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...
undertow: Cookie Smuggling/Spoofing
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...
undertow: Cookie Smuggling/Spoofing
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...
undertow: Cookie Smuggling/Spoofing
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...
undertow: Cookie Smuggling/Spoofing
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...
SUSE CVE-2010-1507
WebYaST in yast2-webclient in SUSE Linux Enterprise SLE 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key...