CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

882 matches found

0day.today•added 2012/01/31 12:0 a.m.•18 views

Apache httpOnly Cookie Disclosure

Exploit for multiple platform in category remote exploits // Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08 // Most browsers limit cookies to 4k characters, so we need multiple function setCookies good // Construct string for cookie value var str = "...

7.1AI score

Exploits0

exploitpack•added 2012/01/31 12:0 a.m.•16 views

Apache - httpOnly Cookie Disclosure

Apache - httpOnly Cookie Disclosure // Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08 // Most browsers limit cookies to 4k characters, so we need multiple function setCookies good // Construct string for cookie value var str = ""; for var i=0; i...

Exploits0

OSV•added 2012/01/28 4:5 a.m.•8 views

CVE-2012-0053

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...

6.2AI score

Exploits0References58

Prion•added 2012/01/28 4:5 a.m.•30 views

Design/Logic Flaw

4.3CVSS6.7AI score0.33846EPSS

Exploits4References45Affected Software11

NVD•added 2012/01/28 4:5 a.m.•18 views

CVE-2012-0053

4.3CVSS8.3AI score0.33846EPSS

Exploits4References45

Cvelist•added 2012/01/28 2:0 a.m.•118 views

CVE-2012-0053

8.3AI score0.33846EPSS

Exploits4References45

Debian CVE•added 2012/01/28 2:0 a.m.•38 views

CVE-2012-0053

4.3CVSS6.6AI score0.33846EPSS

Exploits4

Apache Httpd•added 2012/01/15 12:0 a.m.•37 views

Apache Httpd < 2.0.65 : error responses can expose cookies

A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified...

4.3CVSS0.8AI score0.33846EPSS

Exploits4Affected Software1

NVD•added 2011/12/16 11:55 a.m.•12 views

CVE-2011-4765

The Site Editor aka SiteBuilder feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated b...

4.3CVSS6.1AI score0.0025EPSS

Exploits0References2

NVD•added 2011/12/16 11:55 a.m.•7 views

CVE-2011-4756

Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by domains/sitebuilderedit.p...

5CVSS6.1AI score0.0025EPSS

Exploits0References2

NVD•added 2011/12/16 11:55 a.m.•9 views

CVE-2011-4738

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by...

5CVSS6.1AI score0.0025EPSS

Exploits0References2

NVD•added 2011/12/16 11:55 a.m.•10 views

CVE-2011-4729

The Server Administration Panel in Parallels Plesk Panel 10.2.0build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by...

5CVSS6.1AI score0.0025EPSS

Exploits0References2

Prion•added 2011/12/16 11:55 a.m.•12 views

Design/Logic Flaw

5CVSS6.6AI score0.0025EPSS

Exploits0References2Affected Software1

Prion•added 2011/12/16 11:55 a.m.•10 views

Code injection

5CVSS6.6AI score0.0025EPSS

Exploits0References2Affected Software1

Prion•added 2011/12/16 11:55 a.m.•9 views

Code injection

4.3CVSS6.6AI score0.0025EPSS

Exploits0References2Affected Software1

Prion•added 2011/12/16 11:55 a.m.•10 views

Code injection

5CVSS6.6AI score0.0025EPSS

Exploits0References2Affected Software1

Prion•added 2011/12/16 11:55 a.m.•13 views

Design/Logic Flaw

The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by...

4.3CVSS6.6AI score0.0025EPSS

Exploits0References1Affected Software1

Cvelist•added 2011/12/16 11:0 a.m.•16 views

CVE-2011-4738

6.1AI score0.0025EPSS

Exploits0References2

Cvelist•added 2011/12/16 11:0 a.m.•15 views

CVE-2011-4850

6.1AI score0.0025EPSS

Exploits0References1

CVE•added 2011/12/16 11:0 a.m.•40 views

CVE-2011-4850

The CVE-2011-4850 entry affects Parallels Plesk Panel 10.4.4_build20111103.18, where the HTTPOnly flag is absent in a Set-Cookie header used by cookies (e.g., in help.php), allowing remote attackers to access cookie data via script. This could partially expose sensitive information as described. ...

4.3CVSS6.3AI score0.0025EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by