57 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-3801
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended...
CVE-2023-5723
An attacker with temporary script access to a site could have set a cookie containing invalid characters using document.cookie that could have led to unknown errors. This vulnerability affects Firefox 119...
Code injection
An attacker with temporary script access to a site could have set a cookie containing invalid characters using document.cookie that could have led to unknown errors. This vulnerability affects Firefox 119...
UBUNTU-CVE-2023-5723
An attacker with temporary script access to a site could have set a cookie containing invalid characters using document.cookie that could have led to unknown errors. This vulnerability affects Firefox 119...
CVE-2023-5723
The CVE-2023-5723 issue affects Mozilla Firefox prior to version 119, where an attacker with temporary script access to a site could set a cookie containing invalid characters via document.cookie, potentially causing unknown errors. Public sources in the connected documents consistently reference...
Debian DSA-5464-1 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5464 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, bypass of the...
CVE-2023-4055
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
CVE-2023-4055
When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox 116, Firefox ESR 102.14,...
Code injection
When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox 116, Firefox ESR 102.14,...
CVE-2023-4055
When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox 116, Firefox ESR 102.14,...
Loan Management System 1.0 Cross Site Scripting
Exploit Title: Loan Management System - Stored XSS on several parameters Date: 28/07/2022 Exploit Author: saitamang Vendor Homepage: sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip Version: 1.0 Tested on: Centos 7 apache2 + MySQL There a...
Stored XSS in organisation name field
Description Upon a user creates a new organisation and invites members, by opening the invitation, the XSS payload is being executed. Proof of Concept Just simply create an organisation with the following name: XSSalert1. After saving the organisation, the XSS payload is being executed. Impact In...
CVE-2014-8674
Multiple Cross-Site Scripting XSS vulnerabilities exist in Simple Online Planning SOPlanning before 1.33 via the document.cookie in nbmois and mbligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code...
Rocket.Chat: Account takeover via XSS
Summary: By combining AutoLinker and Markdown an attacker is able to inject malicious scripts. Description: By combining AutoLinker and Markdown we can trick the parser into breaking out of the current HTML attribute. https://a?p= results in: html ." target="blank" rel="noopener noreferrer" "...
ModSecurity 3.0.0 - Cross-Site Scripting
ModSecurity 3.0.0 - Cross-Site Scripting. CVE-2018-13065. Webapps exploit for Linux platform. Tags: Cross-Site Scripting XSS Exploit Title: ModSecurity 3.0.0 - Cross-Site Scripting Date: 2018-07-02 Vendor Homepage: https://www.modsecurity.org Software: ModSecurity Category: Web Application Firewa...
Opial 1.0 - Arbitrary File Upload/XSS/SQL Injection Vulnerabilities
No description provided by source. ::::::::::::::::::::R3AL.RU:::::::::::::::::::: Opial 1.0 Arbitrary File Upload & XSS & SQL Injection genresparent Author: LMaster Greetz: r3al.ru Official Site with demo: http://www.opial.com --Arbitrary File Upload-- 1. Go to http://www.site.com/register.php 2...
Mozilla Firefox 2.0.0.2 Document.Cookie Path Argument Denial of Service Vulnerability
No description provided by source...
phpmysport 1.4 (xss/sql) Multiple Vulnerabilities
No description provided by source. + PhpMySport v. 1.4 Multiple Remote Vulnerabilities XSS\SQL + Discovered by XaDoS - xados at hotmail dot it Th4nKs AlpHaNiX -Product site: http://phpmysport.sourceforge.net -Version vuln: 1.4latest and maybe + COD3: The code vuln is at page /memberlist.php SQL a...
impleo music collection 2.0 (sql/xss) Multiple Vulnerabilities
No description provided by source. + Impleo Music Collection 2.0 SQL/XSS Multiple Remote Vulnerabilities + Download: http://sappy.dk/impleo/download-impleo + Discovered By SirGod + www.mortal-team.org + SQL Injection Auth Bypass - Requirements : magicquotesgpc = off - Vulnerable code in...
Ipswitch IMail 11.01 - Cross-Site Scripting
Ipswitch IMail 11.01 - Cross-Site Scripting !/usr/bin/perl Exploit Title: Ipswitch IMail 11.01 XSS Vulnerability Date: 26-04-2013 Author: DaOne aka Mocking Bird Vendor Homepage: http://www.ipswitch.com/ Platform: windows use Net::SMTP; ARGV Check if $ARGV != 2 print "\nUSAGE: IMail.pl \n"; exit;...