USN-8198-1 python-tornado vulnerabilities

It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of service. CVE-2026-31958 It was discovered that Tornado did not properly validate characters in cookie values. An attacker could possibly use...

USN-8198-1: Tornado vulnerabilities

It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of service. CVE-2026-31958 It was discovered that Tornado did not properly validate characters in cookie values. An attacker could possibly use...

PT-2024-12113 · Taskcafe · Taskcafe

Name of the Vulnerable Software and Affected Versions: TaskCafe version 0.3.2 Description: The issue is related to a lack of validation in the Cookie value, which allows an unauthenticated attacker who knows a registered UserID to change the password of that user. This can be exploited by attacke...

UBUNTU-CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

GoldLink 3.0 - Cookie SQL Injection

source: https://www.securityfocus.com/bid/8847/info GoldLink is prone to SQL injection attacks. This is due to insufficient validation of values supplied via cookies. As a result, it may be possible to manipulate SQL queries, potentially resulting in information disclosure, bulletin board...