SUSE CVE-2020-7070

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being...

[CVE-2015-4624] Predictable CSRF tokens in WiFi Pineapple firmware <= 2.3.0

Overview =============== WiFi Pineapples are a penetration testing tool used in offensive wireless activities. These devices run on a modified OpenWRT based on netBSD operating system. They include a web-based management interface. It has been discovered they have predictable anti-CSRF tokens bas...

Simple Machines Forum <= 1.1.7 '[url]' Tag HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/33595/info Simple Machines Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML...

Simple Machines Forums (BBCode) Cookie Stealing Vulnerability

No description provided by source. Author: Xianur0 BBCode of the smf not filtered properly specified urls: centersize=14pturl=javascript:alert'xss'Saltando Filtro :D.../url/size...