42 matches found
CVE-2025-8814 atjiu pybbs CookieUtil.java setCookie cross-site request forgery
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has...
PT-2025-32489 · Unknown · Atjiu Pybbs
Name of the Vulnerable Software and Affected Versions: atjiu pybbs versions up to 6.0.0. Description: A problematic issue exists in the setCookie function within the src/main/java/co/yiiu/pybbs/util/CookieUtil.java file. This allows for cross-site request forgery, potentially initiated remotely. T...
CVE-2024-29973
UNSUPPORTED WHEN ASSIGNED The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a...
VulnCheck KEV: CVE-2024-29973
The command injection vulnerability in the 'setCookie' parameter in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST...
Information Disclosure
thorsten/phpmyfaq is vulnerable to information disclosure. The vulnerability exists in the setCookie function of session.php due to insecure HTTP cookies without the 'secure' attribute, which allows an attacker to gain access to sensitive information...
Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
Impact: Setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. Note: This vulnerability does not affect session cookies. The following code does not issue a cookie with the secure flag even if you set $secure = true in Config\Cookie. php...
in phpservermon/phpservermon
Description: The program creates a cookie without setting the secure flag to true. Modern web browsers support a secure flag for each cookie. If the flag is set, the browser will only send the cookie over HTTPS. Sending cookies over an unencrypted channel can expose them to network sniffing...
CVE-2020-11582
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HT...
Fedora 22 : php-ZendFramework2-2.4.8-1.fc22 (2015-16034)
Zend Framework 2.4.8 Security Update ZF2015-07: The filesystem storage adapter of Zend\Cache was creating directories with a liberal umask that could lead to local arbitrary code execution and/or local privilege escalation. This release contains a patch that ensures the directories are created...
Monstra 3.0.1 HTTP Response Splitting
Monstra 5.1.2...
[SECURITY] Fedora 19 Update: php-symfony2-HttpFoundation-2.2.5-1.fc19
The HttpFoundation Component defines an object-oriented layer for the HTTP specification. In PHP, the request is represented by some global variables ($_GET, $_POST, $_FILE, $_COOKIE, $_SESSION...) and the response is generated by some functions (echo, header, setcookie, ...). The Symfony2 HttpFoundation...
PHP 5.2.x < 5.2.14, 5.3.x < 5.3.3 strip_tags, setcookie, strtok, wordwrap, str_word_count, str_pad function information
No description provided by source...
OwenPoll 1.0 Insecure Cookie Handling Vulnerability
Exploit for unknown platform in category web applications. OwenPoll 1.0 Insecure Cookie Handling Vulnerability. START 0x01 Informations: Script : OwenPoll 1.0 Download :...
Tribiq CMS 5.0.9a (Beta) - Insecure Cookie Handling
Tribiq CMS 5.0.9a Beta - Insecure Cookie Handling biqcms 5.0.9a beta Insecure Cookie Handling Vulnerability download: http://sourceforge.net/project/showfiles.php?groupid=143555&packageid=232638&releaseid=636935 Discovered By: ZoRLu Date:...
Tribiq CMS 5.0.9a (Beta) - Insecure Cookie Handling
biqcms 5.0.9a beta Insecure Cookie Handling Vulnerability download: http://sourceforge.net/project/showfiles.php?groupid=143555&packageid=232638&releaseid=636935 Discovered By: ZoRLu Date: 30.10.2008 Home: www.z0rlu.blogspot.com contact:...
PHP iCalendar 2.24 - cookie_language Local File Inclusion Arbitrary File Upload
PHP iCalendar 2.24 - cookielanguage Local File Inclusion Arbitrary File Upload '.$lang'lcalfile'.' '.$filenumber.': '.$lang'lactionsuccess'.''; 84. el...
RevokeBB Blind SQL Injection / Hash Extractor
!/usr/bin/php -q -d shortopentag=on ? echo " ------------------------------------------------------------- RevokeBB = 1.0 RC4 Blind SQL Injection / Hash Retrieve Exploit Site: http://www.revokesoft.net by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php...
phphoo3-sql.txt
phpHoo3 Login SQL injection // AYYILDIZ.ORG Gururla Sunar... download:http://cable-modems.org/phpHoo/files/phphoo3.zip author : iLker Kandemir mynet.com Risk : High Class : Remote Vuln. Script : phpHoo3 tnx : h0tturk,ekin0x,Gencnesil,Gencturk,koray,Ajann .. Vulnerable; ///admin.php code ;...