153 matches found
CVE-2019-20849
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout...
Design/Logic Flaw
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout...
XSS Vulnerability in Website Building System of Guangdong Boon Network Co.
Established on July 10, 2008, Guangdong Boon Network Co., Ltd. is a provider of software and information technology services. There is an XSS vulnerability in the website builder system of Guangdong Boon Network Co., Ltd., which can be exploited by attackers to obtain users' cookie information...
Denial Of Service (DoS)
Firefox is vulnerable to denial of service. Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious web site that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly...
Denial Of Service (DoS)
Firefox is vulnerable to denial of service. Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious web site that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly...
CVE-2020-11557
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value...
CVE-2020-4289
IBM Security Information Queue ISIQ 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that Python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name, specifically the netloc component of the URL - user@domain:port bei...
The vulnerability of the websSecurityHandler function in the MOXA EDR-810 industrial router’s web server allows a hacker to execute arbitrary code.
The vulnerability of the websSecurityHandler function offset 0x1B4B0 in the web server jffs2-root\fs1\magicP\WebServer\webs of the MOXA EDR-810 industrial router is caused by the lack of checking the size of the data being copied into a buffer of 0x200 bytes. Exploiting this vulnerability allows ...
The vulnerability in the FortiOS operating system’s web interface allows a hacker to bypass the verification of the "APSCOOKIE" cookie parameter.
The vulnerability in the FortiOS operating system’s web interface is related to the absence of the necessary encryption step. Exploiting this vulnerability allows a malicious actor to bypass the verification of the “APSCOOKIE” cookie parameter, which is used to protect information transmitted via...
python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc
A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies,...
bootstrap: XSS in the affix configuration target property
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...
Yet Another Stars Rating <= 1.8.6 - PHP Object Injection
An unauthenticated PHP object injection in the "Yasr – Yet Another Stars Rating" WordPress plugin introduces a starting point for RCE and similar high-severity vulnerabilities. As of 27.01.2019, the plugin has over 20.000 active installations and around 500.000 downloads. A shortcode provid...
Buffer overflow
Buffer overflow in Denbun by NEOJAPAN Inc. Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via Cookie data...
CVE-2018-0683
Buffer overflow in Denbun by NEOJAPAN Inc. Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via Cookie data...
CVE-2018-0683
The CVE-2018-0683 entry describes a stack-based buffer overflow in Denbun (NEOJAPAN Inc.) related to processing Cookie data, affecting Denbun POP v3.3P R4.0 and earlier and Denbun IMAP v3.3I R4.0 and earlier. Exploitation could allow remote code execution or a denial-of-service condition. Connect...
Apple macOS nsurlstoraged Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handlin...