159 matches found
CVE-2024-5294
The CVE-2024-5294 entry concerns the D-Link DIR-3040 router. The vulnerable component is prog.cgi (HNAP handler for the lighttpd server on ports 80/443). The root cause is improper memory management when processing HTTP cookie values, causing a memory leak that enables a denial-of-service conditi...
Ubuntu: Security Advisory (USN-6473-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : PHP vulnerabilities (USN-4583-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4583-1 advisory. It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease...
K11435435: PHP vulnerability CVE-2020-7070
Security Advisory Description In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thu...
K13434228: Apache Struts vulnerability CVE-2012-0392
Security Advisory Description The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...
XSS Stored inside Standard Interface Help Link href attribute
📜 Description Cross-site scripting XSS is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. The persistent or stored XSS vulnerability is a more devastating variant of a...
The vulnerability of the CookieInterceptor class implementation in the Apache Struts software platform allows a hacker to execute arbitrary code.
The vulnerability of the CookieInterceptor class implementation in the Apache Struts software platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary code using a specially created HTTP cookie header...
CVE-2022-29733
CVE-2022-29733 affects Delta Controls enteliTOUCH, versions 3.40.3935, 3.40.3706, and 3.33.4005. The root cause is cleartext transmission/storage of sensitive information in HTTP cookies, enabling a man‑in‑the‑middle attacker to intercept cookie authentication credentials. Multiple sources (NVD e...
CVE-2022-29733
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack...
curl: Cookie injection from non-secure context
Summary: Curl allows injecting cookies over insecure HTTP connection that will then be sent to the target site when connecting over HTTPS. As documented in lib/cookie.c https://github.com/curl/curl/blob/a04f0b961333e1a19848d073d8c7db9c20b2a371/lib/cookie.cL1039 this should not be possible: / A...
GHSA-2PPP-XJ34-VVF7 Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...
Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure Vulnerability
Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure Vendor: Delta Controls Inc. Product web page: https://www.deltacontrols.com Affected version: 3.40.3935 3.40.3706 3.33.4005 Summary: enteliTOUCH - Touchscreen Building Controller. Get instant access to the heart of your BAS. The...
Cisco Small Business RV Series Authentication Bypass / Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Small Business RV Series Authentication Bypass and Command Injection', 'Description' = %q This module exploits an authentication bypass...
Mageia: Security Advisory (MGASA-2015-0227)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-41171
eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing...
CVE-2021-41171
eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing...
Design/Logic Flaw
eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing...
MGASA-2020-0387 Updated php packages fix a security vulnerability
In PHP versions 7.2.x when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure...
PHP 7.4.x < 7.4.11 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.34, 7.3.x prior to 7.3.23 or 7.4.x prior to 7.4.11. It is, therefore, affected by multiple vulnerabilities: - When AES-CCM mode is used with opensslencrypt function with 12 byt...
PHP 7.3.x < 7.3.23 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.34, 7.3.x prior to 7.3.23 or 7.4.x prior to 7.4.11. It is, therefore, affected by multiple vulnerabilities: - When AES-CCM mode is used with opensslencrypt function with 12 byt...