Lucene search
K

664 matches found

OpenVAS
OpenVAS
added 2011/08/18 12:0 a.m.21 views

Opera 'HTTPS-Session' Multiple Vulnerabilities - Mac OS X

Opera is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS6.6AI score0.01005EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2011/08/18 12:0 a.m.25 views

Microsoft Explorer HTTPS Sessions Multiple Vulnerabilities - Windows

Microsoft Explorer is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS5.2AI score0.05105EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2011/08/18 12:0 a.m.21 views

Apple Safari Secure Cookie Security Bypass Vulnerability (Mac OS X)

The host is installed with Apple Safari web browser and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbapplesafaricookiesecbypassvulnmacosx.nasl 7015 2017-08-28 11:51:24Z teissa $ Apple Safari Secure Cookie Security Bypass Vulnerability Mac OS X Authors: Sooraj KS...

5.8CVSS0.01005EPSS
Exploits0References2
NVD
NVD
added 2011/08/09 10:55 p.m.26 views

CVE-2011-2224

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via unspecified vectors...

4.3CVSS5.8AI score0.01163EPSS
Exploits0References3
NVD
NVD
added 2011/08/09 7:55 p.m.30 views

CVE-2008-7294

Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

5.8CVSS6.2AI score0.01012EPSS
Exploits0References6
NVD
NVD
added 2011/08/09 7:55 p.m.35 views

CVE-2008-7298

The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

5.8CVSS6.5AI score0.0099EPSS
Exploits0References5
Prion
Prion
added 2011/08/09 7:55 p.m.22 views

Design/Logic Flaw

Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

5.8CVSS6.6AI score0.01012EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2011/08/09 7:0 p.m.39 views

CVE-2008-7294

Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

6.1AI score0.01012EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2011/06/21 10:42 p.m.7 views

Mozilla Cookie isolation error (MFSA 2011-24)

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers...

5CVSS7.4AI score0.01777EPSS
Exploits1References4
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.26 views

CVE-2011-2154

login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

6.1AI score0.02667EPSS
Exploits0References5
Prion
Prion
added 2010/11/26 8:0 p.m.14 views

Default configuration

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...

6.4CVSS6.9AI score0.02136EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2010/11/26 7:0 p.m.72 views

CVE-2010-4312

CVE-2010-4312 affects Apache Tomcat 6.x; the default configuration omits the HTTPOnly flag in Set-Cookie headers, enabling remote session hijacking via script access to cookies. This vulnerability is tied to the standard Tomcat 6.x deployment and is described as a cookie security flag omission th...

6.4CVSS4.4AI score0.02136EPSS
Exploits0References1Affected Software1
0day.today
0day.today
added 2010/11/14 12:0 a.m.18 views

Camtron CMNC-200 IP Camera Denial of Service

Exploit for hardware platform in category dos / poc ============================================ Camtron CMNC-200 IP Camera Denial of Service ============================================ The CMNC-200 IP Camera has a built-in web server that is vulnerable to denial of service attacks. Sending...

7AI score
Exploits0
exploitpack
exploitpack
added 2010/11/13 12:0 a.m.54 views

Camtron CMNC-200 IP Camera - Denial of Service

Camtron CMNC-200 IP Camera - Denial of Service Finding 5: Camera Denial of Service CVE: CVE-2010-4234 The CMNC-200 IP Camera has a built-in web server that is vulnerable to denial of service attacks. Sending multiple requests in parallel to the web server may cause the camera to reboot. Requests...

7.8CVSS0.8AI score0.03041EPSS
Exploits5
Exploit DB
Exploit DB
added 2010/08/03 12:0 a.m.62 views

HP OpenView Network Node Manager (OV NNM) 7.53 - 'OvJavaLocale' Buffer Overflow

HP OPENVIEW NNM OVJAVALOCALE BUFFER OVERFLOW VULNERABILITY 1. ADVISORY INFORMATION Title: HP OpenView NNM OvJavaLocale Buffer Overflow Vulnerability Advisory Id: CORE-2010-0608 Advisory URL: http://www.coresecurity.com/content/hp-nnm-ovjavalocale-buffer-overflow Date published: 2010-08-03 Date of...

9.3CVSS6.4AI score0.42261EPSS
Exploits10
Prion
Prion
added 2009/11/13 3:30 p.m.18 views

Cross site scripting

McAfee IntruShield Network Security Manager NSM before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting XSS vulnerability...

4.3CVSS6.1AI score0.04038EPSS
Exploits3References9Affected Software1
Cvelist
Cvelist
added 2009/11/13 3:0 p.m.22 views

CVE-2009-3566

McAfee IntruShield Network Security Manager NSM before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting XSS vulnerability...

5.7AI score0.04038EPSS
Exploits3References9
securityvulns
securityvulns
added 2008/08/12 12:0 a.m.27 views

Alcatel OmniSwitch switches buffer overflow

Buffer overflow on oversized Cookie: header in embedded web server...

3.3AI score
Exploits0References1
NVD
NVD
added 2006/02/23 11:2 p.m.12 views

CVE-2006-0864

filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value...

10CVSS7.1AI score0.02815EPSS
Exploits0References7
NVD
NVD
added 2006/01/13 11:3 p.m.30 views

CVE-2006-0207

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the 1 session extension aka ext/session and the 2 header function...

5CVSS6.7AI score0.04348EPSS
Exploits0References18
Rows per page
Query Builder