19 matches found
BIT-AUTHENTIK-2026-25748 authentik has a forward authentication bypass with broken cookie
authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious...
CVE-2026-25748
authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious...
CVE-2026-25748
authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious...
CVE-2026-25748 authentik has a forward authentication bypass with broken cookie
authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious...
CVE-2026-25748 authentik has a forward authentication bypass with broken cookie
authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious...
EUVD-2013-5995
Malware in sbrugna...
SUSE CVE-2013-6166
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
389-ds-base 代码问题漏洞
389-ds-base is a highly available, fully featured, reliable and secure LDAP server implementation. It handles many of the largest LDAP deployments in the world. A code issue vulnerability exists in 389-ds-base. An attacker exploiting this vulnerability could cause a fatal error in 389-ds via a...
ISC BIND 9 Multiple DoS
According to its self-reported version number, the instance of ISC BIND running on the remote name server is affected by multiple denial of service vulnerabilities : - A denial of service vulnerability exists in files resolver.c and db.c when handling DNAME resource signatures. An unauthenticated...
RedHat Update for httpd RHSA-2014:0370-01
Check for the Version of httpd OpenVAS Vulnerability Test RedHat Update for httpd RHSA-2014:0370-01 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
CVE-2013-6166
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
Cross site request forgery (csrf)
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
Cross site request forgery (csrf)
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
CVE-2013-6167
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
CVE-2012-2327
MyBB aka MyBulletinBoard before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message...
php malformed cookie handling
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285...
php malformed cookie handling
No description is available for this CVE...
php malformed cookie handling
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285...
Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie
PR05-06: Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie This advisory has been published following consultation with UK NISCC http://www.niscc.gov.uk/ Date found: 2005-02-27 Vulnerable: Immediacy .NET CMS 5.2 Severity: Low Author: Gemma Hughes gemma.hugh...