Lucene search
+L

166 matches found

Packet Storm
Packet Storm
added 2018/04/26 12:0 a.m.71 views

hik-connect.com / ezvizlife.com Authentication Bypass

There is a full write up of this bug here: https://medium.com/@evstykas/hackvision-8f50924e56d Vulnerability Security Advisory ======================================================================= title: No validation on cookie values product: hik-connect.com and ezvizlife.com vulnerable versio...

0.3AI score
Exploits0
CNVD
CNVD
added 2018/01/25 12:0 a.m.5 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2018-02232)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in versions prior to Mozilla Firefox 58. The vulnerability can be exploited by an attacker to access cookie values when an existing cookie is set to HttpOnly...

5.3CVSS8.7AI score0.01578EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/11/30 12:0 a.m.58 views

JVN#78501037: Movable Type plugin A-Member and A-Reserve vulnerable to SQL injection

A-Member and A-Reserve provided by ARK-Web co., ltd. are plugins for Movable Type which provide functions to build a membership website or a reservation website. A-Member and A-Reserve contain SQL injection CWE-89 vulnerability due to the issue in processing cookie values. Impact An attacker who...

9.8CVSS9.7AI score0.01269EPSS
Exploits0
Hacker One
Hacker One
added 2017/07/28 6:13 p.m.28 views

Rockstar Games: dom based xss in https://www.rockstargames.com/GTAOnline/

In this report, the researcher found a DOM-Based XSS Vulnerability and was able to demonstrate an exploit that exposed cookie values. New 404 page handling code resulted in a fix for the issue...

0.3AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/05/18 12:0 a.m.6 views

The vulnerability of the URLConnection class in the Android operating system allows a hacker to inject arbitrary scripts or set arbitrary values in cookies.

The vulnerability of the HTTP header of the URLConnection class in the Android operating system exists due to the lack of measures to neutralize special elements. Exploiting this vulnerability allows a malicious actor to inject arbitrary scripts or set arbitrary values in cookies remotely...

7.5CVSS7.8AI score0.018EPSS
Exploits0References5Affected Software1
Hacker One
Hacker One
added 2016/05/09 2:56 p.m.46 views

Sucuri: CRLF/HTTP header injection www.sucuri.net

I would like to report a security vulnerability on www.sucuri.net. The domain appears to be vulnerable for CRLF or HTTP header injection. This allows attackers to construct a URL that injects HTTP headers in the server's response. One of the things an attacker can do is injecting a "Set-Cookie"...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/01/27 5:40 a.m.6 views

HOME SPOT CUBE vulnerable to HTTP header injection

Overview HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains a HTTP header injection vulnerability. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.7CVSS7.1AI score0.01115EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/01/15 12:0 a.m.46 views

JVN#45928828: H2O vulnerable to HTTP header injection

H2O is an open source web server software. H2O contains an HTTP header injection vulnerability. Impact An HTTP response splitting attack may result in arbitrary cookie values. Solution Update the Software Update to the latest version according to the information provided by the developer. Product...

4.3CVSS4.2AI score0.01459EPSS
Exploits0
CNVD
CNVD
added 2015/02/05 12:0 a.m.5 views

Vulnerability in puppetlabs-rabbitmq

Puppet is the United States Puppet Labs a set of client/server C / S architecture based on the configuration management tools , it can be used to manage configuration files , users , cron tasks , packages , system services and so on. puppetlabs-stdlib is one of the implementation of the Advanced...

2.1CVSS6.5AI score0.00352EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.9 views

Geeklog 1.3.x Authentication SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7742/info Geeklog is reported to be prone to SQL injection attacks during authentication. This is due to insufficient sanitization of cookie values, which could permit an attacker to inject SQL code. This issue could be...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

OpenBB 1.0 .0 RC3 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4824/info OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. It has been reported that OpenBB is vulnerable to a cross-site...

7.1AI score
Exploits0
NVD
NVD
added 2014/05/30 2:55 p.m.36 views

CVE-2013-6788

The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIXSMSALEUID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack...

7.5CVSS6.8AI score0.01628EPSS
Exploits2References4
Prion
Prion
added 2013/10/02 10:55 p.m.17 views

Design/Logic Flaw

IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors...

5.8CVSS6.9AI score0.01168EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2013/10/02 10:0 p.m.24 views

CVE-2013-4067

IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors...

6.4AI score0.01168EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/11/02 5:21 a.m.4 views

Pebble vulnerable to HTTP header injection

Overview Pebble contains an HTTP header injection vulnerability. Pebble is an open source weblog system. Pebble contains an HTTP header injection vulnerability. Takahisa Kishiya reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.3CVSS7.1AI score0.01168EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2010/12/07 12:0 a.m.57 views

Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities

According to its self-reported version number, the instance Apache Tomcat running on the remote host is 5.0.x equal to or prior to 5.0.30 or 5.5.x prior to 5.5.25. It is, therefore, affected by multiple vulnerabilities : - An error exists in several JSP example files that allows script injection...

4.3CVSS5AI score0.77376EPSS
Exploits7References8
RedHat Linux
RedHat Linux
added 2010/08/04 9:30 p.m.5 views

tomcat handling of cookie values

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks...

4.3CVSS5.8AI score0.16944EPSS
Exploits4References4
0day.today
0day.today
added 2008/07/26 12:0 a.m.20 views

phpWebNews 0.2 MySQL Edition (SQL) Insecure Cookie Handling Vuln

Exploit for unknown platform in category web applications ================================================================ phpWebNews 0.2 MySQL Edition SQL Insecure Cookie Handling Vuln ================================================================ ...:::::phpwebnews-mysql 0.2 Insecure Cookie...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2008/05/20 2:12 p.m.6 views

tomcat handling of cookie values

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks...

4.3CVSS5.8AI score0.16944EPSS
Exploits4References4
Positive Technologies
Positive Technologies
added 2008/02/08 12:0 a.m.6 views

PT-2008-1472 · Apache +1 · Apache Tomcat +1

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.0 through 4.1.36 Apache Tomcat versions 5.5.0 through 5.5.25 Apache Tomcat versions 6.0.0 through 6.0.14 Description: The issue arises from improper handling of double quote " characters or %5C encoded backslash...

5CVSS5.2AI score0.9444EPSS
Exploits9References78
Rows per page
Query Builder