Lucene search
K

32 matches found

NVD
NVD
added 2025/02/11 1:15 a.m.7 views

CVE-2025-24875

SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None SameSite=None. This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues...

6.8CVSS0.00169EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/11 12:37 a.m.5 views

CVE-2025-24875 SameSite Defense in Depth not applied for some cookies in SAP Commerce

SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None SameSite=None. This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues...

6.8CVSS6.8AI score0.00169EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/02/24 12:0 a.m.17 views

PT-2023-21918

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.0-M2 Apache Tomcat versions 10.1.0-M1 through 10.1.5 Apache Tomcat versions 9.0.0-M1 through 9.0.71 Apache Tomcat versions 8.5.0 through 8.5.85 Description When using the RemoteIpFilter with reques...

10CVSS7.2AI score0.99999EPSS
Exploits197References198
Vulnrichment
Vulnrichment
added 2022/12/22 12:0 a.m.7 views

CVE-2022-45411

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...

5.4AI score0.00575EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:21 p.m.5 views

Mattermost Server does not check if cookies are used over SSL

An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL...

5.3CVSS7AI score0.00872EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/01 11:39 p.m.6 views

GHSA-MQ3Q-JJPH-RP5P Plone CMS Improper Session Management

Plone CMS before 3 places a base64 encoded form of the username and password in the ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network...

7.5CVSS6.9AI score0.01424EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/01/21 12:0 a.m.7 views

IBM Security Identity Governance and Intelligence 后置链接漏洞

IBM Security Identity Governance and Intelligence is an integrated identity management solution based on network devices. An information disclosure vulnerability exists in IBM Security Identity Governance and Intelligence 5.2.6. The vulnerability stems from the product not setting security...

4.3CVSS5.8AI score0.01428EPSS
Exploits0References3
NVD
NVD
added 2020/11/16 5:15 p.m.29 views

CVE-2020-4763

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The...

4.3CVSS4.2AI score0.00989EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2018/05/10 3:29 a.m.4 views

CVE-2018-9112

A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T APGTB385.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the existence or values of cookies when performing security-critical operations. One can gain privileges b...

9.8CVSS5.5AI score0.01335EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2016/09/08 12:0 a.m.32 views

Jobberbase 2.0 Disclosure / XSS / Code Execution / Upload

Jobberbase: http://www.jobberbase.com/ Version: 2.0 By Ross Marks: http://www.rossmarks.co.uk 1 Local path disclosure - change any variable to an array and in most cases it will tell you the local path where the application is installed eg...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2009/06/10 12:0 a.m.31 views

MRCGIGUY FreeTicket SQL Injection

MRCGIGUY FreeTicket Multiple Remote Vulnerabilities Founder: ThE g0bL!N ------ Home: http:/www.4ckx.com/dz/ ---- Download: http://www.mrcgiguy.com/cgi-bin/freedown.cgi?id=1 Vendor:http://www.mrcgiguy.com Special Thx: Snakespc His0k4 Note: Algerie 3-1 Egypt Exploit: ------ Cookies insecure...

0.6AI score
Exploits0
exploitpack
exploitpack
added 2004/01/26 12:0 a.m.26 views

Cherokee 0.1.x0.2.x0.4.x - Error Page Cross-Site Scripting

Cherokee 0.1.x0.2.x0.4.x - Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/9496/info Cherokee has been reported to contain a cross-site scripting vulnerability via error pages. An attacker can exploit this issue by crafting a URI link containing the malevolent HTML or...

6.8AI score
Exploits0
Rows per page
Query Builder