159 matches found

CVE
added 2017/07/21 2:0 p.m., 61 views

CVE-2015-3421

CVE-2015-3421 affects the WordPress eShop plugin (

CVSS 6.1 | AI score 6 | EPSS 0.01291
Exploits: 2 | References: 2 | Affected Software: 1
Tenable Nessus
added 2017/06/29 12:0 a.m., 86 views

HooToo HT-TM06 TripMate Elite Web Server 'protocol.csp' HTTP Cookie Header Handling RCE

The HooToo TripMate web interface running on the remote host is affected by a remote code execution vulnerability in the ioos web server vshttpd due to improper validation of overly long strings passed via the HTTP cookie header to protocol.csp. An unauthenticated, remote attacker can exploit thi...

CVSS 6.5 | AI score 7.8 | EPSS 0.01636
Exploits: 1 | References: 2
Zero Day Initiative
added 2017/06/12 12:0 a.m., 20 views

(0Day) Schneider Electric U.motion Builder Embedded Session ID Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of session management. The application has a hard-code...

CVSS 7.5 | AI score 7.2
Exploits: 0 | References: 1
Zero Day Initiative
added 2017/06/12 12:0 a.m., 27 views

(0Day) Schneider Electric U.motion Builder HTTP Cookie SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of applets which are exposed on the web service. The...

CVSS 7.5 | AI score 8.6
Exploits: 0 | References: 1
Prion
added 2017/05/17 10:29 a.m., 14 views

Heap overflow

Heap buffer overflow in vshttpd aka ioos in HooToo Trip Mate 6 TM6 firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HTTP Cookie header...

CVSS 6.4 | AI score 6.7 | EPSS 0.01636
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2017/05/17 10:0 a.m., 16 views

CVE-2017-9025

Heap buffer overflow in vshttpd aka ioos in HooToo Trip Mate 6 TM6 firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HTTP Cookie header...

AI score 6.7 | EPSS 0.01636
Exploits: 1 | References: 1
0day.today
added 2016/12/16 12:0 a.m., 507 views

XenForo 1.5.x Remote Code Execution Vulnerability

Exploit for php platform in category web applications XenForo 1.5.x Remote Code Execution Vulnerability 1. ADVISORY INFORMATION ======================= Product: XenForo Vendor URL: xenforo.com Type: Code Injection CWE-94 Date found: 2016-12-09 Date published: 2016-12-15 CVSSv3 Score: 9.3...

AI score 7.1
Exploits: 0
NVD
added 2016/09/19 1:59 a.m., 22 views

CVE-2016-6537

AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings...

CVSS 7.5 | AI score 7.3 | EPSS 0.01258
Exploits: 2 | References: 2
Prion
added 2016/09/19 1:59 a.m., 21 views

Format string

AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings...

CVSS 5 | AI score 6.6 | EPSS 0.01258
Exploits: 2 | References: 2 | Affected Software: 1
Cvelist
added 2016/09/19 1:0 a.m., 25 views

CVE-2016-6537

AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings...

AI score 7.5 | EPSS 0.01258
Exploits: 2 | References: 2
UbuntuCve
added 2016/01/26 12:0 a.m., 38 views

CVE-2016-1939

Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208...

CVSS 5.3 | AI score 6.9 | EPSS 0.01765
Exploits: 0 | References: 3
NVD
added 2015/12/31 5:59 a.m., 19 views

CVE-2015-5995

Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header...

CVSS 10 | AI score 9.3 | EPSS 0.19065
Exploits: 3 | References: 1
CVE
added 2015/12/31 2:0 a.m., 68 views

CVE-2015-5995

The CVE-2015-5995 issue involves Mediabridge Medialink MWN-WAPR300N (firmware ~5.07.50) and Tenda N3 Wireless N150 routers, where authentication can be bypassed by manipulating the HTTP Cookie header (e.g., Cookie: language-en; admin:language-en). The root cause is using unauthenticated cookie-ba...

CVSS 10 | AI score 9.2 | EPSS 0.19065
Exploits: 3 | References: 1 | Affected Software: 1
Cvelist
added 2015/12/16 11:0 a.m., 27 views

CVE-2015-7208

Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers...

AI score 6.8 | EPSS 0.0239
Exploits: 0 | References: 15
CVE
added 2015/12/16 11:0 a.m., 132 views

CVE-2015-7208

CVE-2015-7208 affects Mozilla Firefox before 43.0. The issue arises from cookies containing vertical tab characters ('\v') being stored, enabling a remote attacker to read HTTP Cookie headers and obtain sensitive information. The vulnerability is tied to the cookie handling/tokenization logic and...

CVSS 5 | AI score 6.6 | EPSS 0.0239
Exploits: 0 | References: 15 | Affected Software: 1
UbuntuCve
added 2015/12/15 12:0 a.m., 29 views

CVE-2015-7208

Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers...

CVSS 5 | AI score 6.9 | EPSS 0.0239
Exploits: 0 | References: 3
securityvulns
added 2015/05/11 12:0 a.m., 78 views

Arbitrary Variable Overwrite in eShop WordPress Plugin

Advisory ID: HTB23255 Product: eShop WordPress plugin Vendor: Rich Pedley Vulnerable Versions: 6.3.11 and probably prior Tested Version: 6.3.11 Advisory Publication: April 15, 2015 without technical details Vendor Notification: April 15, 2015 Public Disclosure: May 6, 2015 Vulnerability Type: Cod...

CVSS 4.3 | AI score 0.2 | EPSS 0.01291
Exploits: 2
OpenVAS
added 2015/04/21 12:0 a.m., 30 views

Debian: Security Advisory (DSA-3232-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9 | AI score 9.7 | EPSS 0.3763
Exploits: 0 | References: 3
Tenable Nessus
added 2014/12/30 12:0 a.m., 562 views

Allegro RomPager HTTP Cookie Management Remote Code Execution Vulnerability (Misfortune Cookie)

Nessus was able to overwrite the request path by sending a specially crafted cookie to the remote web server. It is, therefore, affected by multiple vulnerabilities : - A flaw in HTTP cookie management in the embedded web server allows a remote attacker to execute arbitrary code with administrati...

CVSS 10 | AI score 8.8 | EPSS 0.63748
Exploits: 12 | References: 6
Tenable Nessus
added 2014/12/24 12:0 a.m., 1398 views

Allegro RomPager HTTP Cookie Management Remote Code Execution Vulnerability (Misfortune Cookie)

According to its banner, the remote host is running a version of Allegro Software RomPager 4.07 to 4.33. It is, therefore, affected by multiple vulnerabilities : - A flaw in HTTP cookie management in the embedded web server allows a remote attacker to execute arbitrary code with administrative...

CVSS 10 | AI score 8.8 | EPSS 0.63748
Exploits: 12 | References: 6