Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2018-11865

Malware in sbrugna...

7.5CVSS7.5AI score0.0282EPSS
Exploits1References3
Amazon
Amazon
added 2025/01/09 12:0 a.m.33 views

Medium: python3-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This...

7.5CVSS7.7AI score0.01051EPSS
Exploits0
OSV
OSV
added 2022/09/01 9:4 p.m.3 views

USN-5587-1 curl vulnerability

Axel Chong discovered that when curl accepted and sent back cookies containing control bytes that a HTTPS server might return a 400 Bad Request Error response. A malicious cookie host could possibly use this to cause denial-of-service...

3.7CVSS6.7AI score0.01839EPSS
Exploits1References2
OSV
OSV
added 2022/05/01 11:28 p.m.12 views

GHSA-76X8-GG39-5JJG CherryPy Malicious cookies allow access to files outside the session directory

Directory traversal vulnerability in the getfilepath function in 1 lib/sessions.py in CherryPy 3.0.x up to 3.0.2, 2 filter/sessionfilter.py in CherryPy 2.1, and 3 filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...

8.7CVSS6.3AI score0.02647EPSS
Exploits1References21
Github Security Blog
Github Security Blog
added 2022/05/01 11:28 p.m.13 views

CherryPy Malicious cookies allow access to files outside the session directory

Directory traversal vulnerability in the getfilepath function in 1 lib/sessions.py in CherryPy 3.0.x up to 3.0.2, 2 filter/sessionfilter.py in CherryPy 2.1, and 3 filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...

7.5CVSS6.9AI score0.02647EPSS
Exploits1References21Affected Software1
Malwarebytes
Malwarebytes
added 2018/01/22 5:53 p.m.22 views

A week in security (January 15 – January 21)

Last week on Labs, we gave you some background information about cookies, specifically which ones to worry about and why. We also warned you about scams surrounding the Mega Millions winner, who promised to donate his money to good causes. We analyzed a cryptocurrency miner using a very old...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2014/12/19 2:18 a.m.130 views

Router Vulnerability Puts 12 Million Home and Business Routers at Risk

More than 12 million routers in homes and businesses around the world are vulnerable to a critical software bug that can be exploited by hackers to remotely monitor users’ traffic and take administrative control over the devices, from a variety of different manufacturers. The critical vulnerabili...

10CVSS8.3AI score0.63748EPSS
Exploits12
Exploit DB
Exploit DB
added 2012/01/31 12:0 a.m.242 views

Apache - httpOnly Cookie Disclosure

// Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08 // Most browsers limit cookies to 4k characters, so we need multiple function setCookies good // Construct string for cookie value var str = ""; for var i=0; i content var content =...

7.4AI score
Exploits0
Rows per page
Query Builder