681 matches found
Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling
==================================================================================================================================== | Title : Beauty Parlour & Saloon Management System 1.1 Insecure Cookie Handling Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
Medium: php
Issue Overview: In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. CVE-2022-31628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to...
Design/Logic Flaw
In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic...
CVE-2022-40958
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and...
CVE-2021-46416
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling...
CVE-2021-46416
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling...
CVE-2021-46416
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling...
Informatica: ..; bypass leading to tomcat scripts [Unauthenticated]
Hello all Using the technique ..; i was able to bypass the protection mechanism to access Tomcat Example Scripts hosted at https://███/. Steps to reproduce 1 - Open all URL's bellow inside your browser https://█████████/..;/examples/servlets/servlet/SessionExample | Will lead to Session...
U.S. Dept Of Defense: Examples directory is PUBLIC on https://████████mil, leading to multiple vulns
Description: Hello, In an effort to consolidate reporting. I have located 4 issues with having the Examples Directory openmy require just 1 solution to mitigate The following URLs that show concern are the following: 1. https://█████mil/examples/servlets/servlet/SessionExample --Will lead to...
Insecure Cookie Handling
drill-java-exec is vulnerable to insecure cookie handling attacks. The vulnerability exists due to the lack of httpOnly flag in the response cookies, allowing the cookies to be stolen by a third party website...
CVE-2016-7090
The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2015-2855
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its...
ResourceSpace 6.4.5976 - XSS / SQL Injection / Insecure Cookie Handling
Exploit for php platform in category web applications Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Adler Freiheit Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url:...
ResourceSpace 6.4.5976 - Cross-Site Scripting / SQL Injection / Insecure Cookie Handling
Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Adler Freiheit Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url: www.resourcespace.org Software: ResourceSpace Digital Asset...
ResourceSpace 6.4.5976 - Cross-Site Scripting SQL Injection Insecure Cookie Handling
ResourceSpace 6.4.5976 - Cross-Site Scripting SQL Injection Insecure Cookie Handling Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Adler Freiheit Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montal...
ResourceSpace 6.4.5976 XSS / SQL Injection / Insecure Cookie Handling
Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Petri Iivonen Contact: petri.iivonenattmbcgovuk Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url: www.resourcespace.org Software:...
Maarch LetterBox 2.8 Insecure Cookie Handling
Title : Maarch LetterBox 2.8 Insecure Cookie Handling Vulnerability Login Bypass Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 17.11.2014 Demo : http://www.era.sn/courrier Download :...
Maarch LetterBox 2.8 - (Authentication Bypass) Insecure Cookies
Maarch LetterBox 2.8 - Authentication Bypass Insecure Cookies Title : Maarch LetterBox 2.8 Insecure Cookie Handling Vulnerability Login Bypass Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 17.11.2014 Demo : http://www.era.sn/courrier...
AllMyVisitors 0.5.0 SQL Injection
AllMyVisitors0.5.0 Blind SQL Injection Vulnerability ==================================================== Author : indoushka Vondor : http://www.php-resource.net/ Dork: Copyright c 2004 by voice of web ========================== SQL injection is a vulnerability that allows an attacker to alter...
AllMyGuests 0.4.1 XSS / SQL Injection / Insecure Cookie Handling
AllMyGuests0.4.1 Multi Vulnerability ==================================== Author : indoushka Vondor : http://www.php-resource.net/ Dork: powered by AllMyGuests © 2003, voice of web ========================== php info : http://localhost/AllMyGuests0.4.1/tools/phpinfo.php Cross site scripting also...