Lucene search
K

53 matches found

RedHat Linux
RedHat Linux
added 2016/10/10 6:10 a.m.9 views

python-django: CSRF protection bypass on a site with Google Analytics

A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavi...

7.5CVSS7.1AI score0.0613EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2016/10/10 6:10 a.m.7 views

python-django: CSRF protection bypass on a site with Google Analytics

A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavi...

7.5CVSS7.1AI score0.0613EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2016/10/10 5:56 a.m.4 views

python-django: CSRF protection bypass on a site with Google Analytics

A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavi...

7.5CVSS7.1AI score0.0613EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2016/09/27 12:17 a.m.45 views

CVE-2016-7401

A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavi...

7.5CVSS5.1AI score0.0613EPSS
Exploits1References1
OSV
OSV
added 2015/09/18 10:59 a.m.4 views

UBUNTU-CVE-2015-3801

The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors...

5CVSS5.9AI score0.02193EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2015/08/20 12:0 a.m.41 views

Aruba Mobility Controller 6.4.2.8 - Multiple Vulnerabilities

Title: Aruba Mobility Controller CSRF And XSS Vulnerabilities Date: 08/016/2015 Author: Itzik Chen Product web page: http://www.arubanetworks.com Affected Version: 6.4.2.8 Tested on: Aruba7240, Ver 6.2.4.8 Summary ================ Aruba Networks is an HP company, one of the leaders in enterprise...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2014/01/07 12:0 a.m.25 views

Middle School Homework Page 1.3 Beta 1 Cross Site Scripting / SQL Injection

Middle School Homework Page V1.3 Beta 1 - Multiple Vulnerabilties =================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script :...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2013/04/29 12:0 a.m.22 views

Ipswitch IMail 11.01 - Cross-Site Scripting

!/usr/bin/perl Exploit Title: Ipswitch IMail 11.01 XSS Vulnerability Date: 26-04-2013 Author: DaOne aka Mocking Bird Vendor Homepage: http://www.ipswitch.com/ Platform: windows use Net::SMTP; ARGV Check if $ARGV != 2 print "\nUSAGE: IMail.pl \n"; exit; $host = $ARGV0; $attacker = $ARGV1; $victim ...

7.4AI score
Exploits0
0day.today
0day.today
added 2012/12/03 12:0 a.m.20 views

Tinymcpuk 0.3 Cross Site Scripting Vulnerability

Tinymcpuk version 0.3 suffers from a cross site scripting vulnerability. Exploit Title: tinymcpuk xss vulnerability Google Dork: n/a Date: 1/12/2012 GMT+7 Exploit Author: eidelweiss @randyarios Vendor Homepage: http://sourceforge.net/projects/p4a/files/tinymcpuk/ Software Link:...

6.7AI score
Exploits0
Packet Storm
Packet Storm
added 2012/08/10 12:0 a.m.23 views

Manchester United Cross Site Scripting

Exploit Title: manchester united xss Date: 10.08.2012 Author: TayfunBasoglu Tested: BackTrack 5 Platform: Php ---------------- http://www.manutd.com/Search-Results.aspx?qs=manutdfrontend&catTxt=&searchText=XSS http://www.manutd.com/Search-Results.aspx?qs=manutdfrontend&catTxt=&searchText="...

Exploits0
Exploit DB
Exploit DB
added 2012/02/21 12:0 a.m.24 views

Xavi 7968 ADSL Router - '/webconfig/wan/confirm.html/confirm?pvcName' Cross-Site Scripting

source: https://www.securityfocus.com/bid/52098/info Xavi 7968 ADSL Router is prone to cross-site scripting, HTML-injection and cross-site request forgery vulnerabilities. The attacker can exploit the issues to execute arbitrary script code in the context of the vulnerable site, potentially...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2011/06/21 10:42 p.m.6 views

Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)

CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing...

4.3CVSS7.4AI score0.01034EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/06/21 10:39 p.m.5 views

Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)

CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing...

4.3CVSS7.4AI score0.01034EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/06/21 10:30 p.m.4 views

Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)

CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing...

4.3CVSS7.4AI score0.01034EPSS
Exploits0References4
0day.today
0day.today
added 2010/10/09 12:0 a.m.15 views

xWeblog v2.2 Insecure Cookie Handling Vulnerability

Exploit for php platform in category web applications =================================================== xWeblog v2.2 Insecure Cookie Handling Vulnerability =================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'...

7.1AI score
Exploits0
0day.today
0day.today
added 2010/04/29 12:0 a.m.21 views

MidWeb CMS (top.asp) XSS Vulnerability

Exploit for php platform in category web applications ====================================== MidWeb CMS top.asp XSS Vulnerability ====================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/12/26 12:0 a.m.35 views

dB Masters MultiMedia - Insecure Cookie Handling

======================================================================================== | Title : dB Masters Multimedia Insecure Cookie Handling Vulnerability | | Author : indoushka | | email : [email protected] | | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 | | W...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2009/09/01 12:0 a.m.19 views

Beex 3 Cross Site Scripting

/ | | \ \ / / | | \ \ / / | |\ \ /\ / / | | | | | | \ V /| | | \ V V / | | || | || / ||| // ,|, | |/ | | | |/ / | ' \ | | / | | | | | | | |||,|| || || Beex 3 Remote XSS Vulnerabilities Discovered By : Moudi Contact : Download : http://www.aom-software.de/beexstart.php Greetings : Mizoz,...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2009/07/29 12:0 a.m.32 views

Miniweb 2.0 Publisher SQL Injection / XSS

-----------------------------I AM MUSLIM !!------------------------------ ============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || ||...

0.4AI score
Exploits0
exploitpack
exploitpack
added 2009/05/04 12:0 a.m.13 views

AGTC MyShop 3.2 - Insecure Cookie Handling

AGTC MyShop 3.2 - Insecure Cookie Handling ======================================================= +++++++++++++++++++ information +++++++++++++++++++++++ ======================================================= + Script : AGTC MyShop v3.2b + Site :www.websiteforsaleuk.co.uk + Found by : Mr.tro0oq...

0.1AI score
Exploits0
Rows per page
Query Builder