11 matches found

RedhatCVE
added 2026/05/08 11:10 a.m., 5 views

CVE-2026-39807

A flaw was found in bandit. An unauthenticated client can exploit this vulnerability by spoofing the transport state on plaintext HTTP connections. By declaring an HTTPS scheme over a non-secure TCP connection, the system incorrectly registers the connection as secure. This can lead to sensitive...

6.3 CVSS, 5.8 AI score, 0.00454 EPSS
Exploits 0, References 2

OSV
added 2025/05/11 10:15 a.m., 2 views

CVE-2025-4537

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulation leads to cleartext storage of sensitive...

2.3 CVSS, 4.2 AI score, 0.00245 EPSS
Exploits 0, References 4

SUSE CVE
added 2023/02/15 4:51 a.m., 2 views

SUSE CVE-2017-5042

Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent...

5.7 CVSS, 8.8 AI score, 0.00354 EPSS
Exploits 0, References 6

CNNVD
added 2022/06/29 12:0 a.m., 2 views

Textpattern CMS security vulnerability

Textpattern CMS is a PHP-based content management system from the Textpattern team. An information disclosure vulnerability exists in Textpattern CMS v4.8.7 and prior versions, which stems from the application transmitting cookies used in HTTPS session transfers in plaintext. An attacker can...

4.3 CVSS, 5.6 AI score, 0.00434 EPSS
Exploits 0, References 3

CNNVD
added 2021/12/10 12:0 a.m., 2 views

Digi TransPort security vulnerability

The Digi International Digi TransPort is a full-featured cellular router from Digi International USA. A security vulnerability exists in the Digi TransPort Gateway that stems from it not setting the Secure attribute for sensitive cookies in HTTPS sessions, which could result in a user agent...

7.5 CVSS, 7.3 AI score, 0.00588 EPSS
Exploits 0, References 3

OSV
added 2017/04/24 11:59 p.m., 3 views

UBUNTU-CVE-2017-5042

Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent...

5.7 CVSS, 7 AI score, 0.00354 EPSS
Exploits 0, References 3

Cvelist
added 2017/04/24 11:0 p.m., 23 views

CVE-2017-5042

Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent...

6.2 AI score, 0.00354 EPSS
Exploits 0, References 6

RedHat Linux
added 2017/03/14 6:13 a.m., 1 views

chromium-browser: incorrect handling of cookies in cast

Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent...

5.7 CVSS, 7.5 AI score, 0.00354 EPSS
Exploits 0, References 5

RedhatCVE
added 2017/03/10 9:20 a.m., 29 views

CVE-2017-5042

Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent...

6.5 CVSS, 3.8 AI score, 0.00354 EPSS
Exploits 0, References 2

myhack58
added 2008/08/13 12:0 a.m., 19 views

Yet another wretched trick: Surf Jacking - vulnerability warning - the black bar safety net

Author: thorn. This technique was issued today by EnableSecurity. The prerequisite is to be able to intercept traffic. Specifically, it can monitor the upstream traffic and modify the downstream traffic, by means of ARP spoofing, DNS spoofing, wireless monitoring or the like. Some people might say, ca...

Exploits 0

securityvulns
added 2003/10/27 12:0 a.m., 25 views

Re: Internet Explorer and Opera local zone restriction bypass

There were not a lot of details in your post, so I will try to verify and clarify your findings. First things first, this is not a problem with Microsoft's Internet Explorer, but with Macromedia and their Flash player. I could reproduce this issue successfully with a fresh install of the latest Fla...

0.7 AI score
Exploits 0