166 matches found
Fedora 40 : python3-docs / python3.12 (2024-1d0cb3b43f)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-1d0cb3b43f advisory. This is the sixth maintenance release of Python 3.12 ==================================================== Python 3.12 is the newest major release of...
CVE-2024-7592
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
RICOH Printers Improper Authentication Vulnerability (Mar 2024)
Multiple RICOH printers and multifunction printers are prone to an improper authentication vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rejetto HTTP File Server HFS Unauthenticated Remote Code Execution', 'Description' = %q The Rejetto HTTP File Server HFS version 2.x is vulnerabl...
Session fixation
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session...
CVE-2023-45718 HCL Sametime is impacted by a failure to invalidate sessions
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session...
CVE-2023-45718 HCL Sametime is impacted by a failure to invalidate sessions
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session...
CVE-2023-45718
CVE-2023-45718 affects HCL Sametime Web: a failure to invalidate sessions causes sensitive cookie values to persist after a user closes the session. The NVD entry notes a high overall impact (CVSS v3.1: 7.5, HIGH) with network attack vector and no user interaction. The description specifies cooki...
Sentry 安全漏洞
Mobileiron Sentry is a smart gateway product from Mobileiron. A security vulnerability exists in Sentry versions prior to 1.14.0. An attacker could exploit this vulnerability to disclose sensitive cookie values...
SUSE CVE-2005-3355
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values"...
Security Bulletin: IBM CICS TX Standard is vulnerable to attackers being able to get cookie values (CVE-2022-34307).
Summary IBM CICS TX could allow attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. The fix...
Pi-hole 代码问题漏洞
Pi-hole is a web-grade ad-blocking application from Pi-hole, Inc. A security vulnerability exists in the Pi-hole web interface version 4.0 through versions prior to 5.18.3, which stems from improper use of cookie values...
CVE-2022-4221
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7...
CVE-2022-4221
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7...
Command injection
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7...
CVE-2022-4221 OS command injection in ASUS M25 NAS
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7...
CVE-2022-4221 OS command injection in ASUS M25 NAS
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7...
PT-2022-26313 · Asus · Asus Nas-M25
Name of the Vulnerable Software and Affected Versions: Asus NAS-M25 versions through 1.0.1.7 Description: The issue is related to an improper neutralization of special elements used in an OS command, allowing an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie value...
ASUS NAS-M25 操作系统命令注入漏洞
The ASUS NAS-M25 is a storage server from Asus China. A security vulnerability exists in ASUS NAS-M25 version 1.0.1.7 and prior versions, which stems from an improperly neutralized special element used OS Command Injection vulnerability that allows an unauthenticated attacker to inject arbitrary...
WordPress plugin Simple:Press 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A reflective cross-site...