263 matches found
CVE-2012-1288
The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session...
CVE-2014-2871
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network...
PT-2025-3910 · Cp Plus · Cp Plus Router
Name of the Vulnerable Software and Affected Versions: CP Plus Router affected versions not specified Description: This issue exists due to insecure handling of cookie flags used within the web interface of the CP Plus Router. A remote attacker could exploit this by intercepting data transmission...
Synology DiskStation Manager Cleartext Transmission of Sensitive Information (CVE-2021-26560)
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. This plugin only works with Tenable.ot. Please visit...
Synology DiskStation Manager Cleartext Transmission of Sensitive Information (CVE-2021-26564)
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. This plugin only works with Tenable.ot. Please visit...
CVE-2024-44575
RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...
CVE-2024-44575
CVE-2024-44575 affects RELY-PCIe versions 22.2.1–23.1.0. The issue is that the Secure attribute is not set for sensitive cookies in HTTPS sessions, which could allow a user agent to send cookies in cleartext over an HTTP session. The vulnerability is documented with a CVSS v3.1 base score of 3.7 ...
CVE-2024-41687
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow...
CVE-2024-41687 Cleartext Transmission of Sensitive Information Vulnerability
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow...
CVE-2024-41684
The CVE-2024-41684 entry concerns SyroTech SY-GPON-1110-WDONT Router where a missing secure flag on session cookies in the web management interface allows cookie interception over HTTP. A remote attacker could capture cookies and compromise the system, per descriptions across multiple sources (NV...
CVE-2024-41684 Cookie Without Secure Flag Set Vulnerability
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system...
CVE-2023-46121
yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie...
Design/Logic Flaw
yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie...
CVE-2023-46121 Generic Extractor MITM Vulnerability in yt-dlp
yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie...
CVE-2023-46121
CVE-2023-46121 – yt-dlp Generic Extractor MitM vulnerability affects the yt-dlp project (a fork of youtube-dl) where the Generic Extractor could be fed an arbitrary proxy via a crafted URL, enabling a man-in-the-middle on the HTTP session and potential cookie exfiltration. Technical details acros...
CVE-2023-46121 Generic Extractor MITM Vulnerability in yt-dlp
yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie...
PT-2023-9021 · Spring · Spring Security
Name of the Vulnerable Software and Affected Versions: Spring Security versions 5.7.x through 5.7.7 Spring Security versions 5.8.x through 5.8.2 Spring Security versions 6.0.x through 6.0.2 Description: The issue is related to the logout support not properly cleaning the security context if using...
SUSE CVE-2016-1693
browser/safebrowsing/srtfieldtrialwin.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chromecleanuptool.exe aka CCT file via a man-in-the-middle attack on an HTTP session...
Cookie without Secure attribute
Description The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. Proof of Concept http HTTP/1.1 200 OK Content-Type: application/json Content-Length: 107 Vary: Accept-Encoding Set-Cookie:...
GHSA-HHXG-PX5H-JC32 Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The name of the pat...