4 matches found
php: standard insecure cookie could be treated as a '__Host-' or '__Secure-' cookie by PHP applications
A vulnerability was found in PHP due to the way PHP handles HTTP variable names. It interferes with HTTP variable names that clash with ones that have a specific semantic meaning. This vulnerability allows network and same-site attackers to set a standard insecure cookie in the victim's browser,...
SUSE-SU-2022:3957-1 Security update for php72
This update for php72 fixes the following issues: - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. bsc1203867 - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the...
Teraway LinkTracker 1.0 Insecure Cookie
-------------------------------------+ Homepage:http://www.teraway.com Product: Teraway LinkTracker V1.0 home:www.h4ckf0ru.com Note: Hawach x.CJP.x Ballk Ma tedirech Ihdae Note: سال الممكن المستحيل اين تقيم قال في احلام العاجز ------------------------------------- Teraway LinkTracker V1.0 Insecur...
Absolute News Feed 1.0 - Remote Insecure Cookie Handling
Discovered by : Hakxer Script : Absolute News Feed http://www.xigla.com/absolutenf/demo.htm Greetz : Allah , All My friend ,www.educ-up.com ------------------------------- Poc : javascript:document.cookie="xlaAFSuser=p=admin"; Exploit Go To admin login :...