882 matches found
CVE-2016-2923
CVE-2016-2923 affects IBM WebSphere Application Server Liberty (JAX-RS API cookies) where HTTPOnly flag is not set, enabling remote attackers to read cookies and potentially access sensitive data. Affected: WebSphere Application Server 8.5.x (8.5–8.5.5.9) and Liberty prior to 16.0.0.2. CVSSv3.0 v...
CVE-2016-2923
IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script acces...
Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities
Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities. Credits: John Page aka HYP3RLINX. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-SEPM-MULTIPLE-VULNS.txt. ISR: ApparitionSec. Vendor: www.symantec.com. Product:...
Enonic XP: source code security analysis report
Several vulnerabilities were discovered in Enonic AS 'Enonic XP' software: User Data Leak Between Sessions; Using XSL Transformation to Execute Arbitrary Code; Missing Verification of the Digital Signature of Executable Files Obtained from Untrusted Sources; HttpOnly...
Jetpack for WordPress: source code security analysis report
Several vulnerabilities were discovered in Automattic 'Jetpack for WordPress' software: Incorrect User Input Filtration when Connecting to External Files; File System Path Manipulation; Incorrect User Input Filtration when Using the unserialize Function; Using Insufficiently Random Generators in...
CMSimple CMS: source code security analysis report
Several vulnerabilities were discovered in CMSimple 'CMSimple CMS' software: File System Path Manipulation; Incorrect User Input Filtration when Using Regular Expressions while Calling the preg_replace Function; Using Global Variables; Using Insufficiently Random Generators in Cryptography; HttpOnly...
Concrete5 CMS: source code security analysis report
Several vulnerabilities were discovered in Portland Labs 'Concrete5 CMS' software: File System Path Manipulation; Using Global Variables; Incorrect User Input Filtration when Using the unserialize Function; Using Insufficiently Random Generators in Cryptography; HttpOnly Cookies; Incorrect Permissions...
JSN PowerAdmin extension for Joomla!: source code security analysis report
Several vulnerabilities were discovered in JoomlaShine 'JSN PowerAdmin extension for Joomla!' software: Using Insufficiently Random Generators in Cryptography; HttpOnly Cookies; Incorrect Permissions for External Entities During XML Document Processing; Incorrect User Input Filtration when...
Apache Apex: source code security analysis report
Several vulnerabilities were discovered in The Apache Software Foundation 'Apache Apex' software: Using XSL Transformation to Execute Any Code; Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources; HttpOnly Cookies; Incorrect User Input Filtration wh...
WordPress CMS: source code security analysis report
Several vulnerabilities were discovered in WordPress Foundation 'WordPress CMS' software: File System Path Manipulation; Using Global Variables; Incorrect User Input Filtration when Using the unserialize Function; Using Insufficiently Random Generators in Cryptography; HttpOnly Cookies; Incorrect User...
CVE-2016-2304
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Code injection
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2016-2304
CVE-2016-2304 affects Ecava IntegraXor prior to version 5.0, build 4522. The issue is that the HTTPOnly flag is not set on the session cookie in the web server, enabling a remote attacker to access the cookie via scripts and potentially log in as an administrator. Public sources describe this as ...
MODX Revolution: source code security analysis report
Several vulnerabilities were discovered in MODX 'MODX Revolution' software: Incorrect User Input Filtration when Connecting to External Files; File System Path Manipulation; Using Global Variables; Incorrect User Input Filtration when Using the unserialize Function; Using Insufficiently Random...
Ecava IntegraXor Information Disclosure Vulnerability (CNVD-2016-02341)
Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. An information disclosure vulnerability exists in Ecava IntegraXor prior to version 5.0 build 4522 that stems from the program not setting the HTTPOnly flag in the session cookie. A remote...
Secure Flag not set for Cookies generated by Netscaler if Vserver is part of Persistence Group
We need to have the NSC cookies using the Secure and HttpOnly flag set, however Secure flag is not set by NetScaler...
Gratipay: csrf_token cookie don't have the flag "HttpOnly"
As the researcher @kuskumar pointed out, the cookie csrftoken doesn't have the HttpOnly flag. While it is often seen as bad practice to leave cookies without this flag since they are likely to be stolen via XSS, our session cookie has this flag set, making impersonation harder. Regarding csrftoke...
Bumble: Password modification without knowing actual password & httpOnly bypass
Two issues: 1. Session cookie is returned in HTML source code of /encounters page, which would allow an XSS attacker to steal it, even if httpOnly is activated. 2. A secret value, present in HTML source code of some api.phtml pages, can be used to modify user's password without knowing actual one...
Zomato: XSS via modified Zomato widget (res_search_widget.php)
Table of Contents: 1. Short Description of Security Issue; 2. Proof of Concept. 1. Short Description of Security Issue: The widget API endpoint at https://www.zomato.com/widgets/res_search_widget.php is vulnerable to XSS in the languageid parameter. An attacker can create a web page that includes a...