16 matches found
EUVD-2025-19846
Malicious code in bioql PyPI...
CVE-2025-27453
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...
CVE-2025-27453
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...
CVE-2025-27453
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...
CVE-2025-27453
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript...
CVE-2025-27453
CVE-2025-27453 affects Endress+Hauser MEAC300-FNADE4. The underlying issue is an HttpOnly flag misconfiguration on the PHPSESSION cookie, allowing access via JavaScript and enabling potential session hijacking. Public-facing documents consistently describe this as a vulnerability in the MEAC300-F...
PT-2025-27782
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns the HttpOnly flag being set to false on the PHPSESSION cookie, allowing it to be accessed by other sources such as JavaScript. Recommendations: At the moment, there is no...
Sensitive Information Disclosure
topthink/framework is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of error messages, which can reveal the PHPSESSION cookie through debug error output source code when a crafted URI is used in a GET request...
ThinkPHP Cross-Site Scripting Vulnerability
ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in thinkexception.tpl...
GHSA-969F-V7JV-PGJ3 ThinkPHP Cross-Site Scripting Vulnerability
ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in thinkexception.tpl...
CVE-2024-34467
ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in thinkexception.tpl...
CVE-2024-34467
ThinkPHP 8.0.3 is affected by a cross‑site scripting (XSS) flaw caused by inadequate filtering of function argument values in think_exception.tpl. Remote attackers may exploit this to inject scripts; several sources also describe potential disclosure of the PHPSESSION cookie via error output. Red...
CVE-2024-34467
ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in thinkexception.tpl...
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
$Id: osbunamejlist.rb 13591 2011-08-19 18:35:29Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
This module exploits an authentication bypass vulnerability in login.php. In conjunction with the authentication bypass issue, the 'jlist' parameter in propertybox.php can be used to execute arbitrary system commands. This module was tested against Oracle Secure Backup version 10.3.0.1.0 This...
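PHPCMS 2007 show_pic.inc.php Local File Inclusion Vulnerability
The PHPCMS website management system is a PHP+MYSQL-based site-building system that generates HTML for the entire site; it is a carefully designed, efficient, new, fast and excellent website solution suited to a variety of server environments such as UNIX, LINUX and WINDOWS. showpic.inc.php checks whether the src variable is set and, if so, assigns the path value to file. The type of src is not validated here. Traversing to the root directory and requesting the configuration file makes it possible to read the database connection password. PHPCMS2007: there is currently no official fix. http://www.phpcms.cn/ POST /picture/showpic.php?src=/../../../config.inc.php...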