4 matches found
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in khodakhah/nodcms
Description Implement both Secure flag and httponly flag in the application. Proof of Concept Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from bein...
Ubuntu Update for python-django USN-2169-1
Check for the Version of python-django OpenVAS Vulnerability Test $Id: gbubuntuUSN21691.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for python-django USN-2169-1 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is...
A security vulnerability in S8Forum
INFORMATIONS : ============= - Product : S8Forum - Tested version : 3.0 maybe other versions. - Website : http://www.kellishaver.com/ Vendor Status: not informed yet !!! - Problem : A security vulnerability in S8Forum PROBLEM : ========= This forum is written in PHP. It doesn't use database, instead...
XSS bug in php(Reactor)
Vulnerable systems: 1.2.7pl1 Exploit: forums/browse.php?fid=3&tid=46&go=scriptJavaScript:alert 'Hi';/script without "" Solution: I thought of this, but I am not sure: open browse.php and add this code in line 52: $go = HTMLSpecialChars$go; $go = PREGReplace"/A-Z&.;:!@$^''//i", "", $go;...