fastify-csrf Cross-Site Request Forgery Vulnerability
fastify-csrf is a JavaScript plugin, maintained by the Fastify community, that provides CSRF protection for Fastify. A security vulnerability exists in fastify-csrf before 3.0.0: the generated cookie uses insecure default attributes (no httpOnly), and CSRF tokens are available in t...
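Every entry on this page comes down to one missing cookie attribute, so the check a reviewer actually runs is worth showing. The following is an added example, not code from fastify-csrf, MK-AUTH, IBM, SimplePHPscripts or Synology: it parses Set-Cookie headers and reports cookies that lack HttpOnly, and, since the same review would look at them, Secure and SameSite as well. The sample headers are constructed for illustration; no product listed here emits exactly these.

```javascript
// Added example, not code from any project listed on this page. Audits
// Set-Cookie headers for the attributes whose absence is the common root cause
// in these advisories. Sample headers below are constructed, not captured.

// Parse one Set-Cookie header value into name, value and a lower-cased
// attribute map. Value-less attributes (HttpOnly, Secure) are stored as `true`.
function parseSetCookie(header) {
  const [pair, ...rawAttrs] = header.split(';');
  const eq = pair.indexOf('=');
  const name = (eq === -1 ? pair : pair.slice(0, eq)).trim();
  const value = eq === -1 ? '' : pair.slice(eq + 1).trim();
  const attributes = {};
  for (const raw of rawAttrs) {
    const a = raw.trim();
    if (!a) continue;
    const aeq = a.indexOf('=');
    const key = (aeq === -1 ? a : a.slice(0, aeq)).trim().toLowerCase();
    attributes[key] = aeq === -1 ? true : a.slice(aeq + 1).trim();
  }
  return { name, value, attributes };
}

// Findings for one cookie. secureOrigin=false suppresses the Secure check for
// a deployment that is deliberately plain HTTP (a lab box, for instance).
function auditSetCookie(header, { secureOrigin = true } = {}) {
  const { name, attributes } = parseSetCookie(header);
  const findings = [];
  const sameSite = String(attributes.samesite).toLowerCase(); // 'undefined' if absent
  if (!('httponly' in attributes)) {
    findings.push('missing HttpOnly: readable via document.cookie once an XSS lands');
  }
  if (secureOrigin && !('secure' in attributes)) {
    findings.push('missing Secure: cookie is also sent over plaintext HTTP');
  }
  if (attributes.samesite === undefined || sameSite === 'none') {
    findings.push('SameSite absent or None: cookie rides along on cross-site requests');
  }
  if (sameSite === 'none' && !('secure' in attributes)) {
    findings.push('SameSite=None without Secure: browsers reject this cookie');
  }
  return { name, findings };
}

// Audit a list of headers, keeping only cookies with at least one finding.
function auditAll(headers, opts) {
  return headers
    .map((h) => auditSetCookie(h, opts))
    .filter((r) => r.findings.length > 0);
}

// Constructed samples: a bare session cookie like those in the advisories, a
// CSRF cookie that has SameSite but no HttpOnly, and a hardened cookie.
const SAMPLE_HEADERS = [
  'centralmka2=abc123; Path=/',
  '_csrf=tokenvalue; Path=/; SameSite=Strict',
  'sid=opaque; Path=/; HttpOnly; Secure; SameSite=Lax',
];

console.log(JSON.stringify(auditAll(SAMPLE_HEADERS), null, 2));
```

Feed `auditAll` the array of Set-Cookie headers your HTTP client returns for a login response and it flags the first two samples and passes the third. One caveat the advisories above gloss over: HttpOnly only stops script from reading the cookie value; an XSS payload can still drive authenticated requests from inside the victim's browser, so HttpOnly limits token exfiltration, not session riding.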
CVE-2021-21494
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can leverage this to read the centralmka2 session token cookie, which is not set to HttpOnly...
CVE-2021-21494
CVE-2021-21494 affects MK-AUTH up to version 19.01 K4.9. It is a cross-site scripting (XSS) flaw via the admin/logs_ajax.php tipo parameter that allows an attacker to read the centralmka2 session token cookie, which is not marked HttpOnly. The provided documents consistently describe the vulne...
phpMyAdmin 4.0.x < 4.0.10.18 / 4.4.x < 4.4.15.9 / 4.6.x < 4.6.5 Multiple Vulnerabilities
According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.18, 4.4.x prior to 4.4.15.9, or 4.6.x prior to 4.6.5. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in phpMyAdmin. When the user does not...
IBM Cloud Pak for Security Information Disclosure Vulnerability (CNVD-2020-68252)
IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. An information disclosure vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. The vulnerability stems from the HTTPOnly flag not...
CVE-2020-4625
IBM Cloud Pak for Security (CP4S) 1.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie...
Security Bulletin: CP4S 1.3.0.1 fails to use HTTPOnly flag (CVE-2020-4625)
Summary IBM Cloud Pak for Security CP4S could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. Vulnerability Details CVEID: CVE-2020-4625...
CVE-2020-25473
SimplePHPscripts News Script PHP Pro 2.3 does not set the HttpOnly flag on its session cookies...
CVE-2020-25473
CVE-2020-25473 affects SimplePHPscripts News Script PHP Pro 2.3. The root cause is that HttpOnly is not set on session cookies, exposing the session identifier to client-side script (for example via an XSS payload reading document.cookie). The NVD notes a network attack vector with low complexity and no authentication required, leading to partial con...
SimplePHPscripts News Script PHP Pro Security Vulnerability
SimplePHPscripts News Script PHP Pro is a PHP/MySQL-based news distribution system from SimplePHPscripts (Bulgaria). A security vulnerability exists in SimplePHPscripts News Script PHP Pro version 2.3 that stems from the HttpOnly flag not being set on the session cookie...
Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability
Talos Vulnerability Report TALOS-2020-1086 Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability October 30, 2020 CVE Number CVE-2020-27658 SUMMARY An exploitable information disclosure vulnerability exists in the web interface session cookie functionality o...
Synology Router Manager Information Disclosure Vulnerability (CNVD-2020-60462)
Synology Router Manager (SRM) is the software used to configure and manage routers from Synology Inc. of Taiwan. An information disclosure vulnerability exists in SRM versions prior to 1.2.4-8081, which stems from a failure to set the HTTPOnly flag on the...