882 matches found
CVE-2011-4729
CVE-2011-4729: The Parallels Plesk Panel 10.2.0_build1011110331.18 Server Administration Panel fails to set the HTTPOnly flag on cookies (notably those used by login_up.php3 and other files). This exposes cookies to access via client-side scripts, leading to potential disclosure of sensitive inf...
CVE-2011-4765
The CVE concerns Parallels Plesk Small Business Panel 10.2.0, where the Site Editor (SiteBuilder) feature fails to set the HTTPOnly flag on a Set-Cookie header. This omission allows scripts to access the cookie, potentially leaking sensitive information via cookies used by Wizard/Edit/Modules/Ima...
CVE-2011-4765
The Site Editor aka SiteBuilder feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated b...
CVE-2011-4756
CVE-2011-4756 affects Parallels Plesk Small Business Panel 10.2.0. The Set-Cookie header does not include the HttpOnly flag, enabling potential script access to cookies used by domains/sitebuilder_edit.php and related files, which could expose sensitive information. The connected documents...
CVE-2011-4729
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by...
CVE-2011-4738
The CVE-2011-4738 entry describes a vulnerability in Parallels Plesk Panel 10.2.0 build 20110407.20 where the HTTPOnly flag is missing on a Set-Cookie header. This absence allows remote attackers to access cookie values via script, potentially exposing sensitive information such as data used by g...
Moderate: Red Hat Security Advisory: Red Hat Network Satellite server security and enhancement update
Updated packages that fix several security issues and add one enhancement are now available for Red Hat Network Satellite 5.4.1 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CV...
Cross site scripting
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors...
CVE-2011-2224
CVE-2011-2224 – Normal mode Affected product: Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428. Vulnerability: Missing HTTPOnly flag in a Set-Cookie header, which can enable cross-site scripting (XSS) via unspecified vectors. Impact: Remote XSS potential as describ...
CentOS Update for firefox CESA-2009:0256 centos4 i386
Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2009:0256 centos4 i386 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for seamonkey CESA-2009:0257 centos3 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS Update for firefox CESA-2009:0256 centos5 i386
Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2009:0256 centos5 i386 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for seamonkey CESA-2009:0257 centos4 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Design/Logic Flaw
login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2011-2154
CVE-2011-2154 affects SmarterTools SmarterStats 6.0 web server. The loginsettings cookie is missing the HTTPOnly flag in the Set-Cookie header, allowing potential script access to the cookie and exposure of sensitive information. The available data from NVD lists a CVSS v2 base score of 5.0 (Medi...
CVE-2011-2154
login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
[AntiSnatchOr] OpenCMS <= 7.5.3 multiple vulnerabilities
OpenCMS <= 7.5.3 multiple vulnerabilities Name: OpenCMS <= 7.5.3 multiple vulnerabilities Systems Affected: OpenCMS <= 7.5.3 Severity: High Vendor: http://www.opencms.org Advisory: http://antisnatchor.com/opencms7.5.3multiplevulnerabilities Author: Michele "antisnatchor" Orru michele.orru AT...
OpenCMS 7.5.3 Cross Site Scripting
OpenCMS alert666 HTTP/1.1 Host: localhost:8080 ... The URI /opencms/opencms/system/workplace/views/explorer/contextmenu.jsp is vulnerable too, but we should know a valid resource name to exploit...
Web Server HttpOnly Cookies Not In Use
Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.30. It is, therefore, affected by multiple vulnerabilities: - An error in the access restriction on a 'ServletContext' attribute that holds the location of the work...