Security Hero

Posts Tagged ‘Cookie’

1150 (phpmyadmin)

CVE-2009-1150 (phpmyadmin) Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1150

6517 (1.0.3_beta)

CVE-2008-6517 (1.0.3_beta) SQL injection vulnerability in NewsHOWLER 1.03 Beta allows remote attackers to execute arbitrary SQL commands via the news_user cookie parameter. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6517

6523 (openinvoice)

CVE-2008-6523 (openinvoice) auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6523

1050 (bloginator)

CVE-2009-1050 (bloginator) Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1050

0921 (network_node_manager)

CVE-2009-0921 (network_node_manager) Multiple heap-based buffer overflows in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long OvAcceptLang cookie, which triggers the error in ov.dll and ovwww.dll, or (2) a long Accept-Language HTTP header, which triggers the error in ovwww.dll or [...]

0920 (network_node_manager)

CVE-2009-0920 (network_node_manager) Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0920

Multiple Cookies combined to a single Set-Cookie response

Posted by Phani on Mar 20. Hello everyone, I am facing trouble setting multiple cookies combined in a single Set-Cookie request. Though following RFC 2109 (<http://www.faqs.org/rfcs/rfc2109>) and MSDN msdn.microsoft.com/en-us/library/aa384321(VS.85).aspx, both IE and… URL: http://seclists.org/fulldisclosure/2009/Mar/0299.html

Rise in SQL Injection Attacks Exploiting Unverified User Data Input – 6/25/2008

Microsoft Security Advisory (954462): Rise in SQL Injection Attacks Exploiting Unverified User Data Input – 6/25/2008 Revision Note: June 25, 2008: Removed erroneous references to form field and cookie value testing from the HP Scrawlr tool description. Advisory Summary: Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use [...]
