
880 matches found

NVD
added 2024/07/30 5:15 p.m. · 18 views

CVE-2022-33167

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the...

7.5 CVSS · 0.00086 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/07/30 5:5 p.m. · 13 views

CVE-2022-33167 IBM Security Directory Integrator information disclosure

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the...

3.7 CVSS · 6 AI score · 0.00086 EPSS
Exploits 0 · References 2
CVE
added 2024/07/30 5:5 p.m. · 57 views

CVE-2022-33167

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 are affected by CVE-2022-33167 due to failure to set the HTTPOnly flag on cookies, enabling a remote attacker to read sensitive data from cookies. Affected products: IBM Security Directory Integrator 7.2....

7.5 CVSS · 3.7 AI score · 0.00086 EPSS
Exploits 0 · References 2 · Affected Software 2
NVD
added 2024/07/26 12:15 p.m. · 20 views

CVE-2024-41685

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable syste...

7.5 CVSS · 0.00233 EPSS
Exploits 0 · References 2
CVE
added 2024/07/26 11:41 a.m. · 56 views

CVE-2024-41685

Summary: CVE-2024-41685 affects the SyroTech SY-GPON-1110-WDONT router. Root cause: session cookies used by the router’s web management interface lack the HTTPOnly flag, enabling potential cookie theft. Impact (as stated): an attacker with remote access could intercept HTTP session transmissions,...

7.5 CVSS · 6.2 AI score · 0.00233 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/07/26 11:41 a.m. · 20 views

CVE-2024-41685 Cookie Without HTTPOnly Flag Set Vulnerability

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable syste...

6.9 CVSS · 6.5 AI score · 0.00233 EPSS
Exploits 0 · References 1
Cvelist
added 2024/07/26 11:41 a.m. · 18 views

CVE-2024-41685 Cookie Without HTTPOnly Flag Set Vulnerability

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable syste...

6.9 CVSS · 0.00233 EPSS
Exploits 0 · References 1
NVD
added 2024/07/15 9:15 a.m. · 18 views

CVE-2024-6741

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled...

5.8 CVSS · 0.00175 EPSS
Exploits 1 · References 3
OSV
added 2024/07/15 9:15 a.m. · 2 views

CVE-2024-6741

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled...

5.3 CVSS · 5.9 AI score · 0.00175 EPSS
Exploits 1 · References 3
CVE
added 2024/07/15 8:26 a.m. · 63 views

CVE-2024-6741

Summary: Multiple sources describe a vulnerability in Openfind Mail2000 where the HttpOnly flag can be bypassed, enabling unauthenticated remote attackers to obtain the session cookie via crafted JavaScript. Affected product: Openfind Mail2000 (email web system). Technical details: Bypass of Http...

5.8 CVSS · 5.5 AI score · 0.00175 EPSS
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2024/07/15 8:26 a.m. · 20 views

CVE-2024-6741 Openfind Mail2000 - HttpOnly flag bypass

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled...

5.8 CVSS · 0.00175 EPSS
Exploits 1 · References 3
Vulnrichment
added 2024/07/15 8:26 a.m. · 13 views

CVE-2024-6741 Openfind Mail2000 - HttpOnly flag bypass

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled...

5.8 CVSS · 7 AI score · 0.00175 EPSS
Exploits 1 · References 3
Cvelist
added 2024/07/15 3:15 a.m. · 19 views

CVE-2024-6739 Openfind MailGates and MailAudit - Sensitive Cookie Without 'HttpOnly' Flag

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS...

5.3 CVSS · 0.00119 EPSS
Exploits 1 · References 3
CVE
added 2024/07/15 3:15 a.m. · 50 views

CVE-2024-6739

CVE-2024-6739 affects Openfind MailGates and MailAudit. The root cause is a session cookie without the HttpOnly flag, enabling potential cookie theft via XSS. Public details indicate affected versions include Openfind MailGates < 6.1.7.040 and MailAudit

6.1 CVSS · 5.5 AI score · 0.00119 EPSS
Exploits 1 · References 3 · Affected Software 2
Vulnrichment
added 2024/07/15 3:15 a.m. · 17 views

CVE-2024-6739 Openfind MailGates and MailAudit - Sensitive Cookie Without 'HttpOnly' Flag

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS...

5.3 CVSS · 7 AI score · 0.00119 EPSS
Exploits 1 · References 3
CNNVD
added 2024/07/15 12:0 a.m. · 1 views

Openfind MailGates and Openfind MailAudit Security Vulnerabilities

Openfind MailGates and Openfind MailAudit are both products of China's Openfind Corporation. Openfind MailGates is an email security system that supports email filtering and APT attack defense, etc. Openfind MailAudit is a software for enterprise ema...

6.1 CVSS · 5.9 AI score · 0.00119 EPSS
Exploits 1 · References 4
Positive Technologies
added 2024/07/15 12:0 a.m. · 3 views

PT-2024-37837 · Openfind · Openfind Mail2000

Name of the Vulnerable Software and Affected Versions: Openfind Mail2000 affected versions not specified Description: The issue allows unauthenticated remote attackers to bypass the HttpOnly flag. Attackers can exploit this using specific JavaScript code to obtain the session cookie with the...

5.8 CVSS · 7.3 AI score · 0.00175 EPSS
Exploits 1 · References 6
Positive Technologies
added 2024/07/15 12:0 a.m. · 2 views

PT-2024-37835 · Openfind · Openfind Mailgates +1

Name of the Vulnerable Software and Affected Versions: Openfind MailGates and MailAudit affected versions not specified Description: The issue concerns the session cookie in MailGates and MailAudit, which does not have the HttpOnly flag enabled. This allows remote attackers to potentially steal t...

6.1 CVSS · 7 AI score · 0.00119 EPSS
Exploits 1 · References 7
CNNVD
added 2024/07/15 12:0 a.m. · 2 views

Openfind Mail2000 Security Vulnerability

Openfind Mail2000 is a web-based email system from China Netrock Information Openfind. A security vulnerability exists in Openfind Mail2000 that originates from allowing bypassing the HttpOnly flag, which allows an unauthenticated, remote attacker to obtain a session cookie with the HttpOnly flag...

5.8 CVSS · 6.7 AI score · 0.00175 EPSS
Exploits 1 · References 4
CNVD
added 2024/06/13 12:0 a.m. · 3 views

Unspecified Vulnerability in NETGEAR WNR614

The Netgear WNR614 is an N300 wireless router with external antenna from Netgear USA. The Netgear WNR614 suffers from a security vulnerability that stems from not properly setting the HTTPOnly flag of a cookie, which can be exploited by an attacker to intercept and access sensitive communications...

5.9 CVSS · 6.2 AI score · 0.00088 EPSS
Exploits 1 · References 1