CVE-2019-25278

FaceSentry Access Control System 6.4.8 is vulnerable to a cleartext transmission issue that enables remote attackers to perform MiTM attacks and intercept authentication credentials (e.g., HTTP cookie data) during network communications. The vulnerability stems from transmitting credentials in cl...

EUVD-2008-3649

Malware in sbrugna...

EUVD-2019-5878

Malware in sbrugna...

CVE-2019-10907

Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially bruteforce offline the passwords of associated users...

CVE-2019-14731

An issue was discovered in ZenTao 11.5.1. There is an XSS stored vulnerability that leads to the capture of other people's cookies via the Rich Text Box...

CVE-2024-35110

A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker...

CVE-2024-35110

A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker...

CVE-2024-35110

A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker...

CVE-2022-2338

Softing Secure Integration Server V1.22 is affected by an authentication bypass vulnerability caused by cleartext transmission over HTTP that enables a machine-in-the-middle attack to capture a session cookie and authenticate to the server. Affected components include Secure Integration Server an...

Cross-site Scripting (XSS) - Reflected in navigatecms/navigate-cms

Description Cross-Site Scripting is vulnerability which allows attackers to execute arbitrary javascript code in the browser of victim. Proof of Concept Parameter: id Payload: alertdocument.cookie Affected endpoints: On Firefox browser, visit: 1...

CVE-2021-28858

TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information...

CVE-2021-28858

TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information...

TP-Link TL-WPA4220 信息泄露漏洞

Tp-link TP-Link TL-WPA4220 is a home wireless WiFi bridge that extends wireless signals from China's Tp-link. The device can transmit data at high speed over the line to extend the network to areas that are currently not covered. The TP-Link TL-WPA4220 suffers from an information disclosure...

CVE-2020-14248

BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

Hcl Technologies Inotes 信息泄露漏洞

HCL iNotes is a software from HCL India that allows management of IBM Domino mail, scheduling of errands, and other office activity management. HCL iNotes suffers from a sensitive cookie disclosure vulnerability. An attacker can exploit this vulnerability to capture cookies by intercepting the...

CVE-2019-14731

An issue was discovered in ZenTao 11.5.1. There is an XSS stored vulnerability that leads to the capture of other people's cookies via the Rich Text Box...

CVE-2018-12429

JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie...

IBM Security Privileged Identity Manager Authentication Vulnerability

IBM Security Privileged Identity Manager is an identity management product within IBM Identity Governance and Management, an identity governance solution from IBM USA, that protects, automates, and audits the use of privileged identities to help defend against insider threats and improve security...

IBM Security QRadar Incident Forensics Man-in-the-Middle Attack Vulnerability (CNVD-2015-07479)

IBM Security QRadar Incident Forensics is a suite of security forensic investigation software from IBM. The software supports in-depth forensic investigations of suspected malicious network security incidents, and repair network security vulnerabilities. IBM Security QRadar Incident Forensics 7.2...

CVE-2015-1848

The CVE-2015-1848 entry concerns the PCS daemon (pcsd) in PCS 0.9.137 and earlier failing to set the Secure flag on cookies in HTTPS sessions (CVE-2015-1848); CVE-2015-3983 covers the related issue of not setting the HttpOnly flag. Multiple open-source advisories (Fedora/CentOS and related feeds)...