4 matches found
kernel: fscache: Fix oops due to race with cookie_lru and use_cookie
In the Linux kernel, the following vulnerability has been resolved: fscache: Fix oops due to race with cookie_lru and use_cookie If a cookie expires from the LRU and the LRU_DISCARD flag is set, but the state machine has not run yet, it's possible another thread can call fscache_use_cookie and begin t...
Mail.ru: [cfire.mail.ru] Time Based SQL Injection 2
Time-based blind SQLi in cfire.mail.ru due to unsafe usage of a cookie value. At the time of reporting, the extended scope was not covered by the bug bounty; the bounty was awarded as a bonus...
Vulnerability in Sad Raven's guestbook
Good day. I recently found a vulnerability in Sad Raven's guestbook version 1.1 that allows any user to gain access to the admin center. I apologize in advance if someone has already found this vulnerability, but I have not found any mention of it anywhere. Everyone only talks about the fact that the passwords...
Account theft vulnerability in MakeBid Auction Deluxe 3.30
Date : February 9, 2002 Product : MakeBid Auction Deluxe Version 3.30 Vendor : USANet Creations URL : http://www.netcreations.addr.com/auctiondeluxe.html Vulnerability : Cross site scripting vulnerability Insecure Cookie Usage Risk : High Summary : MakeBid Auction Deluxe is a commercial PERL CGI...