EUVD-2013-3569

Malware in sbrugna...

CVE-2013-3636

ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag...

Information disclosure

ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag...

Grammarly: Account takeover through the combination of cookie manipulation and XSS

Summary: A cookie based XSS on www.grammarly.com exists due to reflection of a cookie called gnarcontainerId in DOM without any sanitization. Normally, gnarcontainerId is being set by the server however a vulnerable endpoint at gnar.grammarly.com called "/cookies" allows us to manipulate cookies...

HTTP TRACE Allowed

The HTTP TRACE method allows a client to send a request to the server, and have the same request sent back in the server's response. This allows the client to determine if the server is receiving the request as expected. Often this method is used for debugging purposes e.g. to verify that a reque...

[BMSA-2009-01] Authentication bypass in Interspire Shopping Cart v4.0.1 and below

BLUE MOON SECURITY ADVISORY 2009-01 =================================== :Title: Authentication bypass in Interspire Shopping Cart :Severity: Critical :Reporter: Truong Van Tri and Blue Moon Consulting :Products: Interspire Shopping Cart v4.0.1 Ultimate edition :Fixed in: v4.0.2 Description...