Lucene search
K

681 matches found

Packet Storm
Packet Storm
added 2024/09/13 12:0 a.m.255 views

Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling

==================================================================================================================================== | Title : Beauty Parlour & Saloon Management System 1.1 Insecure Cookie Handling Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

7.4AI score
Exploits0
Amazon
Amazon
added 2024/02/05 12:0 a.m.4 views

Medium: php

Issue Overview: In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. CVE-2022-31628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to...

6.5CVSS7.7AI score0.49336EPSS
Exploits2
Prion
Prion
added 2023/02/01 2:15 p.m.15 views

Design/Logic Flaw

In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic...

5CVSS5.4AI score0.00394EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2022/12/22 12:0 a.m.38 views

CVE-2022-40958

By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and...

6.5CVSS7.6AI score0.01104EPSS
Exploits0
OSV
OSV
added 2022/04/07 11:15 a.m.6 views

CVE-2021-46416

Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling...

8.1CVSS7.2AI score0.06693EPSS
Exploits4References3
NVD
NVD
added 2022/04/07 11:15 a.m.20 views

CVE-2021-46416

Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling...

8.1CVSS0.06693EPSS
Exploits4References3
Cvelist
Cvelist
added 2022/04/07 10:45 a.m.32 views

CVE-2021-46416

Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling...

8.2AI score0.06693EPSS
Exploits4References3
Hacker One
Hacker One
added 2020/10/09 9:35 p.m.986 views

Informatica: ..; bypass leading to tomcat scripts [Unauthenticated]

Hello all Using the technique ..; i was able to bypass the protection mechanism to access Tomcat Example Scripts hosted at https://███/. Steps to reproduce 1 - Open all URL's bellow inside your browser https://█████████/..;/examples/servlets/servlet/SessionExample | Will lead to Session...

0.3AI score
Exploits0
Hacker One
Hacker One
added 2019/08/15 10:24 p.m.90 views

U.S. Dept Of Defense: Examples directory is PUBLIC on https://████████mil, leading to multiple vulns

Description: Hello, In an effort to consolidate reporting. I have located 4 issues with having the Examples Directory openmy require just 1 solution to mitigate The following URLs that show concern are the following: 1. https://█████mil/examples/servlets/servlet/SessionExample --Will lead to...

0.5AI score
Exploits0
Veracode
Veracode
added 2018/06/07 7:1 a.m.15 views

Insecure Cookie Handling

drill-java-exec is vulnerable to insecure cookie handling attacks. The vulnerability exists due to the lack of httpOnly flag in the response cookies, allowing the cookies to be stolen by a third party website...

6.5AI score
Exploits0
Cvelist
Cvelist
added 2016/09/29 10:0 a.m.27 views

CVE-2016-7090

The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

4.2AI score0.01895EPSS
Exploits0References3
NVD
NVD
added 2015/05/30 7:59 p.m.23 views

CVE-2015-2855

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its...

4.3CVSS6.3AI score0.01451EPSS
Exploits0References3
0day.today
0day.today
added 2014/12/18 12:0 a.m.46 views

ResourceSpace 6.4.5976 - XSS / SQL Injection / Insecure Cookie Handling

Exploit for php platform in category web applications Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Adler Freiheit Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url:...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2014/12/15 12:0 a.m.23 views

ResourceSpace 6.4.5976 - Cross-Site Scripting SQL Injection Insecure Cookie Handling

ResourceSpace 6.4.5976 - Cross-Site Scripting SQL Injection Insecure Cookie Handling ​Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Adler Freiheit Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montal...

8.1AI score
Exploits0
Exploit DB
Exploit DB
added 2014/12/15 12:0 a.m.46 views

ResourceSpace 6.4.5976 - Cross-Site Scripting / SQL Injection / Insecure Cookie Handling

​Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Adler Freiheit Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url: www.resourcespace.org Software: ResourceSpace Digital Asset...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/12/11 12:0 a.m.35 views

ResourceSpace 6.4.5976 XSS / SQL Injection / Insecure Cookie Handling

Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Petri Iivonen Contact: petri.iivonenattmbcgovuk Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url: www.resourcespace.org Software:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/11/17 12:0 a.m.23 views

Maarch LetterBox 2.8 Insecure Cookie Handling

Title : Maarch LetterBox 2.8 Insecure Cookie Handling Vulnerability Login Bypass Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 17.11.2014 Demo : http://www.era.sn/courrier Download :...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2014/11/17 12:0 a.m.19 views

Maarch LetterBox 2.8 - (Authentication Bypass) Insecure Cookies

Maarch LetterBox 2.8 - Authentication Bypass Insecure Cookies Title : Maarch LetterBox 2.8 Insecure Cookie Handling Vulnerability Login Bypass Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 17.11.2014 Demo : http://www.era.sn/courrier...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2014/10/02 12:0 a.m.24 views

AllMyVisitors 0.5.0 SQL Injection

AllMyVisitors0.5.0 Blind SQL Injection Vulnerability ==================================================== Author : indoushka Vondor : http://www.php-resource.net/ Dork: Copyright c 2004 by voice of web ========================== SQL injection is a vulnerability that allows an attacker to alter...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/09/29 12:0 a.m.40 views

AllMyGuests 0.4.1 XSS / SQL Injection / Insecure Cookie Handling

AllMyGuests0.4.1 Multi Vulnerability ==================================== Author : indoushka Vondor : http://www.php-resource.net/ Dork: powered by AllMyGuests © 2003, voice of web ========================== php info : http://localhost/AllMyGuests0.4.1/tools/phpinfo.php Cross site scripting also...

1AI score
Exploits0
Rows per page
Query Builder