4 matches found
CVE-2024-41684 Cookie Without Secure Flag Set Vulnerability
This vulnerability exists in the SyroTech SY-GPON-1110-WDONT Router due to a missing Secure flag on the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system...
CVE-2018-1279 RabbitMQ cluster compromise due to deterministically generated cookie
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports ...
Microsoft Forefront UAG Signurl.asp Cross-Site Scripting (MS10-089; CVE-2010-3936)
Microsoft Forefront Unified Access Gateway (UAG) is designed to provide secure remote access to corporate resources for employees, partners and vendors from both managed and unmanaged PCs and mobile devices. UAG provides a variety of connection options including SSL VPN, Microsoft DirectAccess and...
Even Without Browser Flaws, Attackers Have the Upper Hand on the Web
TORONTO–If the spate of vulnerabilities and sophisticated attacks against browsers in the last couple of years has done nothing else, it’s certainly shown just how vulnerable users are as they go about their daily business on the Web. In a talk at the SecTor conference, a researcher showed severa...