Grammarly: Account takeover through the combination of cookie manipulation and XSS

Summary: A cookie based XSS on www.grammarly.com exists due to reflection of a cookie called gnarcontainerId in DOM without any sanitization. Normally, gnarcontainerId is being set by the server however a vulnerable endpoint at gnar.grammarly.com called "/cookies" allows us to manipulate cookies...

IBM BigFix Platform Information Disclosure Vulnerability (CNVD-2018-26898)

IBM BigFix Platform is a dynamic set of IBM's integrated messaging content-driven and management system multi-technology platform. A security vulnerability exists in IBM BigFix Platform that originates from the program failing to set the 'HttpOnly' attribute of an authorization token or session...

CVE-2018-1480

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the 'HttpOnly' attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values via malicious JavaScript and then hijack the user...

Low: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R9 security and bug fix update

An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVE-2018-16958

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NETSessionID primary session cookie, when Internet Information Services IIS with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is...

CVE-2018-16958

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NETSessionID primary session cookie, when Internet Information Services IIS with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is...

Buffer overflow

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NETSessionID primary session cookie, when Internet Information Services IIS with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is...

CVE-2018-16958

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NETSessionID primary session cookie, when Internet Information Services IIS with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is...

CVE-2018-15681

An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie c...

CVE-2018-15681

An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie c...

Default credentials

An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie c...

CVE-2018-15681

An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie c...

Security Bulletin: IBM QRadar Incident Forensics is vulnerable to session highjacking. (CVE-2015-1994)

Summary IBM QRadar incident forensics authorization cookie is missing the httponly attribute. Vulnerability Details CVE-ID: CVE-2015-1994 Description: IBM Qradar Incident Forensics could allow a remote attacker to obtain sensitive information, caused by the failure to set the httponly attribute f...

CVE-2018-5114

If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox 58...

CVE-2018-5114

If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox 58...

Design/Logic Flaw

If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox 58...

CVE-2018-5114

If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox 58...

CVE-2018-5114

CVE-2018-5114 affects Mozilla Firefox (pre-58) where changing an existing cookie to HttpOnly while a document is open leaves the original value accessible via script until the document is closed; network requests then use the changed HttpOnly cookie. Reported as part of the Firefox set of issues ...

CVE-2018-5114

If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox 58...

Insecure Cookie Handling

drill-java-exec is vulnerable to insecure cookie handling attacks. The vulnerability exists due to the lack of httpOnly flag in the response cookies, allowing the cookies to be stolen by a third party website...