32 matches found
CVE-2025-24875
SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None SameSite=None. This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues...
CVE-2025-24875 SameSite Defense in Depth not applied for some cookies in SAP Commerce
SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None SameSite=None. This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues...
PT-2023-21918
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.0-M2 Apache Tomcat versions 10.1.0-M1 through 10.1.5 Apache Tomcat versions 9.0.0-M1 through 9.0.71 Apache Tomcat versions 8.5.0 through 8.5.85 Description When using the RemoteIpFilter with reques...
CVE-2022-45411
Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...
Mattermost Server does not check if cookies are used over SSL
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL...
GHSA-MQ3Q-JJPH-RP5P Plone CMS Improper Session Management
Plone CMS before 3 places a base64 encoded form of the username and password in the ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network...
IBM Security Identity Governance and Intelligence 后置链接漏洞
IBM Security Identity Governance and Intelligence is an integrated identity management solution based on network devices. An information disclosure vulnerability exists in IBM Security Identity Governance and Intelligence 5.2.6. The vulnerability stems from the product not setting security...
CVE-2020-4763
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The...
CVE-2018-9112
A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T APGTB385.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the existence or values of cookies when performing security-critical operations. One can gain privileges b...
Jobberbase 2.0 Disclosure / XSS / Code Execution / Upload
Jobberbase: http://www.jobberbase.com/ Version: 2.0 By Ross Marks: http://www.rossmarks.co.uk 1 Local path disclosure - change any variable to an array and in most cases it will tell you the local path where the application is installed eg...
MRCGIGUY FreeTicket SQL Injection
MRCGIGUY FreeTicket Multiple Remote Vulnerabilities Founder: ThE g0bL!N ------ Home: http:/www.4ckx.com/dz/ ---- Download: http://www.mrcgiguy.com/cgi-bin/freedown.cgi?id=1 Vendor:http://www.mrcgiguy.com Special Thx: Snakespc His0k4 Note: Algerie 3-1 Egypt Exploit: ------ Cookies insecure...
Cherokee 0.1.x0.2.x0.4.x - Error Page Cross-Site Scripting
Cherokee 0.1.x0.2.x0.4.x - Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/9496/info Cherokee has been reported to contain a cross-site scripting vulnerability via error pages. An attacker can exploit this issue by crafting a URI link containing the malevolent HTML or...