Bugtraq: WysGui CMS 1.2 BETA(Insecure Cookie Handling)–Blind-sql-injection-exploit URL: http://www.securityfocus.com/archive/1/502814
Posts Tagged ‘Cookie’
Multiple Remote Vulnerabilities–SQLi-(INSECURE-COOKIE-HANDLING)-LFI
Delivery-date: Mon, 20 Apr 2009 18:57:48 +0100 [...]
WysGui CMS 1.2 BETA(Insecure Cookie Handling)–Blind-sql-injection-exploit
Delivery-date: Mon, 20 Apr 2009 18:43:55 +0100 [...]
CLAN TIGER CMS–MULTIPLE COOKIES HANDLING VULNERABILITIES
Bugtraq: CLAN TIGER CMS–MULTIPLE COOKIES HANDLING VULNERABILITIES URL: http://www.securityfocus.com/archive/1/502765
CLAN TIGER CMS–MULTIPLE COOKIES HANDLING VULNERABILITIES
Delivery-date: Fri, 17 Apr 2009 20:28:22 +0100 [...]
CVE-2009-1317 (aqua_cms)
CVE-2009-1317 (aqua_cms) Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userSID cookie parameter to droplets/functions/base.php and the (2) username parameter to admin/index.php. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1317
Online Password Manager Insecure Cookie Authentication Bypass Vulnerability
Vuln: Online Password Manager Insecure Cookie Authentication Bypass Vulnerability URL: http://www.securityfocus.com/bid/34555
webSPELL 4.2.0c–XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY
Delivery-date: Thu, 16 Apr 2009 17:03:38 +0100 [...]
CVE-2009-0237 (forefront_threat_management_gateway, internet_security_and_acceleration_server)
CVE-2009-0237 (forefront_threat_management_gateway, internet_security_and_acceleration_server) Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via “authentication input” to this [...]
CVE-2008-6667 (a_php_scripts_news_management_system)
CVE-2008-6667 (a_php_scripts_news_management_system) A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6667
CVE-2008-6664 (sh-news)
CVE-2008-6664 (sh-news) action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6664
glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit
Delivery-date: Fri, 03 Apr 2009 16:48:10 +0100 [...]
CVE-2008-6599 (cookiecheck)
CVE-2008-6599 (cookiecheck) cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the “default session save path.” URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6599
CVE-2008-6551 (e-vision_cms)
CVE-2008-6551 (e-vision_cms) Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) an adminlang cookie to admin/ind_ex.php; or the module parameter to (2) 3rdparty/adminpart/add3rdparty.php, (3) polling/adminpart/addpolling.php, (4) contact/adminpart/addcontact.php, (5) brandnews/adminpart/addbrandnews.php, (6) newsletter/adminpart/addnewsletter.php, (7) game/adminpart… [...]
Arcadwy Arcade Script ‘user’ Cookie Parameter SQL Injection Vulnerability
Vuln: Arcadwy Arcade Script ‘user’ Cookie Parameter SQL Injection Vulnerability URL: http://www.securityfocus.com/bid/34284