14 matches found
Medium: python3.11
Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...
curl: curl mishandles `%0c%0b` sequences in HTTP responses leading to CRLF confusions, Headers and Cookies Injection
Summary: Hello, Actually, this bug was found unexpectedly during some security audits on a private asset, we found some differences on how burp proxy/python's requests library handles the asset's HTTP responses on a certain endpoint and how curl handles the same HTTP responses, the bug arises whe...
GNU wget - Cookie Injection
GNU Wget Cookie Injection CVE-2018-0494 ========================================= The latest version of this advisory is available at: https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt Overview -------- GNU Wget is susceptible to a malicious web server injecting arbitrary cookies to th...
Ubuntu 14.04 LTS : Firefox regression (USN-2458-3)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2458-3 advisory. USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. Thi...
Aspcms 1.5 COOKIES injection 0day and fix-vulnerability warning-the black bar safety net
Aspcms 1.5 COOKIES injection 0day, register an account. Then after landing to modify the COOKIES of USERID values In the back plus the injected statement: UNION SELECT 1,2,3,4,5,6,username,adminpassword,9,1 0,1 1,1 2,1 3,1 4,1 5,1 6,1 7,1 8,1 9,2 0,2 1,2 2 from Aspcmsadmins Then edit the account...
cFTP <= 0.1 (r80) Arbitrary File Upload
No description provided by source. ?php Exploit Title: cFTP = 0.1 r80 Arbitrary File Upload Date: 2011-07-29 Author: leviathan vulnerability discovered by Simon Leblanc : https://code.google.com/p/clients-oriented-ftp/issues/detail?id=78 Software Link:...
Crown Dragon technology enterprise website management system V9. 2 vulnerability-vulnerability warning-the black bar safety net
Today a busy day, quickly issued a vulnerability. Crown Dragon technology enterprise website management system V9. 2cookies injection vulnerability Vulnerability files: Shownews. asp ,ProductShow. asp,DownloadShow1. asp,MovieShow. asp Problem code: Be the first to say the anti-injection system:...
Concave Yaya 4. 7 and following versions through the kill EXP-vulnerability warning-the black bar safety net
Description: 0. google : inurl:/otype. asp? classid= 1. Type the destination Station, no accident words will you wait a while,because you want to and other script timeout error,is recommended to drink tea. 2. Then the address bar type the following code, The JavaScript hijack it. 3. Refresh once,...
BBSGood Forum program multi-page SQL injection vulnerability-vulnerability warning-the black bar safety net
BBSGOOD is domestic first using the cache technology Forum, BBSGOOD posts and list home can generate a static HTML file. 1. In the file DelShortInFo. asp: selectid=trimRequestCStringSafeRequest"selectid" //the 1 Line 1 If selectid"" then selectid = replaceselectid, ", ", " or ID=" selectid="Where...
7 1 1 enterprise web site management program V6. 0 the presence of Cookies injection vulnerability-vulnerability warning-the black bar safety net
One: the dim keyword dim sortid keyword=request"keyword" sortid=request"sortid" if sortid"" then SQL where=SQL where &" and sortid="&sortid&"" if the keyword"" then SQL where=sqlwher &" and shopname like '%"&keyword&"%'" Set rs=Server. CreateObject"ADODB. RecordSet" strsql="select from Product...
AspBar V3. 0 the entire Station management system 0day-vulnerability warning-the black bar safety net
AspBar V3. 0 the entire Station management system for the presence of Cookies injection vulnerability Kugo. asp problem code: %id=request"kuid" set rsl=server. createobject"adodb. recordset" sqll="update kulink set hits=hits+1 where ID="&ID&"" rsl. open sqll,conn,1,3 set rs=server...
News website management system vulnerability-vulnerability warning-the black bar safety net
News website management system vulnerabilities author: xk8888888 This system has N of the Year Edition,General government, schools and enterprises with much more, Special permit: to display news NewsView. asp? NewsID= Login login. asp? id=3,The main special permit is available one has a EDIT the...
pwpphp122.txt
PwsPHP v1.2.2 Final - Multiples vulnerabilities ----------------------------------------------- VULNERABLE PRODUCT ------------------ Forum: Pwsphp Version: 1.2.2 Final Vulnerabilities: Multiples -------------------------- / / / / / / / / / / / \ / // / /// // / // / / / / // / / .///// / .//...
PwsPHP v1.2.2 Final - Multiples vulnerabilities
PwsPHP v1.2.2 Final - Multiples vulnerabilities ----------------------------------------------- VULNERABLE PRODUCT ------------------ Forum: Pwsphp Version: 1.2.2 Final Vulnerabilities: Multiples -------------------------- / / / / / / / / / / / / // / /// // / // / / / / // / / .///// / .// // ./...