PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection

Exploit Title: PHP 7.3.15-3 - 'PHPSESSIONUPLOADPROGRESS' Session Data Injection Date: 26/7/2021 Exploit Author: SiLvER | Faisal Alhadlaq Tested on: PHP Version is 7.3.15-3 This poc will abusing PHPSESSIONUPLOADPROGRESS then will trigger race condition to get remote code execution, the script will...

PHP 7.3.15-3 - (PHP_SESSION_UPLOAD_PROGRESS) Session Data Injection Exploit

Exploit Title: PHP 7.3.15-3 - 'PHPSESSIONUPLOADPROGRESS' Session Data Injection Exploit Author: SiLvER | Faisal Alhadlaq Tested on: PHP Version is 7.3.15-3 This poc will abusing PHPSESSIONUPLOADPROGRESS then will trigger race condition to get remote code execution, the script will return a revers...

CVE-2021-35440

Smashing 1.3.4 is vulnerable to Cross Site Scripting XSS. A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment e.g. if re-using internal URL's for...

CVE-2021-35440

Smashing 1.3.4 is vulnerable to Cross Site Scripting XSS. A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment e.g. if re-using internal URL's for...

GHSA-2CC5-23R7-VC4V Ratpack's default client side session signing key is highly predictable

Impact The client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used which is recommended, but is not on by default, the session data could be tampered with by someone with...

CVE-2021-29480

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used which is recommended, but is n...

CVE-2021-29481

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with...

CVE-2021-29480 Default client side session signing key is highly predictable

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used which is recommended, but is n...

Ratpack 安全漏洞

Ratpack is a Java library for building scalable HTTP applications. A security vulnerability exists in Ratpack versions prior to 1.9.0, which stems from a default configuration of a client session that results in unencrypted but signed data being set as a cookie value. An attacker could exploit th...

CVE-2021-29963

Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 89...

CVE-2021-29963

Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 89...

UBUNTU-CVE-2021-29963

Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 89...

CVE-2021-29963

Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 89...

CVE-2021-31769

CVE-2021-31769 affects MyQ X Smart prior to 8.2. The vulnerability allows remote code execution because administrative session data can be read from %PROGRAMFILES%\MyQ\PHP\Sessions, and the non‑administration‑restricted “Select server file” feature enables attackers to inject arbitrary OS command...

Nextcloud Talk Authorization Issues Vulnerability (CNVD-2021-44989)

Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. An authorization issue vulnerability exists in Nextcloud Talk that stems from unchanged cookie session data after changing authentication information in Talk. No details of the vulnerability a...

CVE-2021-21490

SAP NetWeaver AS for ABAP Web Survey, versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current...

SAP NetWeaver AS ABAP Business Server 跨站脚本漏洞

SAP Netweaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver AS for ABAP, which can be exploited by an attacker ...

Mozilla Firefox Data Forgery Issue Vulnerability (CNVD-2021-54703)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a data forgery issue that stems from the address bar search suggestion in privacy mode being a reuse of session data in normal mode, which can be exploited by remote attackers to...

Shared Cookie

firefox uses shared cookie. The vulnerability exists due to having the address bar search suggestions in private browsing mode session data from normal mode...

Mozilla Firefox 数据伪造问题漏洞

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a data forgery issue that stems from the address bar search suggestion in privacy mode being a reuse of session data in normal mode, which can be exploited by remote attackers to...