556 matches found
WordPress Debugger & Troubleshooter plugin <= 1.3.2 - Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation vulnerability
Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Debugger & Troubleshooter versions = 1.3.2...
CVE-2026-22204
wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the commentauthoremail cookie. Attackers can craft a malicious cookie value that, when processed through urldecode and passed to wpmail...
CRLF Injection
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to CRLF Injection via the setCookie utility. An attacker can inject unauthorized cookie attributes by supplying specially crafted input containing semicolons, carriage returns, or newline...
MiracleLinux 8 : mod_auth_openidc:2.3 (AXSA:2024-8687:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8687:01 advisory. modauthopenidc: DoS when using OIDCSessionType client-cookie and manipulating cookies CVE-2024-24814 Tenable has extracted the preceding description block...
CVE-2022-50926
WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication...
CVE-2022-50926
The vulnerability CVE-2022-50926 affects WAGO 750-8212 PFC200 G2 2ETH RS firmware. A flaw allows an unauthenticated attacker to escalate privileges by manipulating the session cookie’s name and roles, gaining administrative access. Documents indicate this is a cookie-based privilege escalation wi...
CVE-2018-10189
An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each...
CVE-2021-28680
The devisemasquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise without this extension is used. If the...
CVE-2022-35507
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...
CVE-2022-23485
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...
CVE-2020-7879
This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie'COOKIE' . The value is transferred to the --header option in wget binary, and there is no validation check...
CVE-2025-15255
A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has...
EUVD-2025-205819
A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has bee...
CVE-2025-15194
A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack...
CVE-2021-47721
Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized...
📄 ICTBroadcast 7.0 Remote Code Execution
A vulnerability in ICTBroadcast version 7.0 allows unauthenticated remote command execution due to improper handling of session cookie values. An attacker can modify cookie entries to inject system commands that the application unintentionally executes...
EUVD-2008-6201
Malware in sbrugna...
EUVD-2008-4764
Malware in sbrugna...
EUVD-2002-1713
Malware in sbrugna...
EUVD-2008-4694
Malware in sbrugna...