4 matches found
JLSEC-2026-615 Cookie jar accepts Secure/__Host-/__Secure- cookies from non-secure origins in HTTP.jl
Description setcookies! stored every parsed Set-Cookie after only checking that the response scheme was http or https, with no protection symmetric to the read path shouldsend, which already withholds Secure cookies from non-secure requests. A plaintext http origin could therefore plant a Secure...
PT-2023-21170 · Npm · @Fastify/Csrf-Protection
Name of the Vulnerable Software and Affected Versions: @fastify/csrf-protection versions prior to 4.1.0 @fastify/csrf-protection versions prior to 6.3.0 Description: The CSRF protection mechanism in the @fastify/csrf-protection library can be bypassed by network and same-site attackers under...
DEBIAN-CVE-2019-7350
Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies between 3 and 5 is being generated when a user successfully logs in, and these...
Multiple Vulnerabilities in SecGate 3600-A1500
SecGate3600-A1500 is a security gateway product of NetShen Information Technology Beijing Co. SecGate3600-A1500 suffers from COOKIE fixation and login bypass vulnerabilities, which can be exploited by attackers to obtain sensitive information...