664 matches found
Opera 'HTTPS-Session' Multiple Vulnerabilities - Mac OS X
Opera is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Explorer HTTPS Sessions Multiple Vulnerabilities - Windows
Microsoft Explorer is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apple Safari Secure Cookie Security Bypass Vulnerability (Mac OS X)
The host is installed with Apple Safari web browser and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbapplesafaricookiesecbypassvulnmacosx.nasl 7015 2017-08-28 11:51:24Z teissa $ Apple Safari Secure Cookie Security Bypass Vulnerability Mac OS X Authors: Sooraj KS...
CVE-2011-2224
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via unspecified vectors...
CVE-2008-7294
Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...
CVE-2008-7298
The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...
Design/Logic Flaw
Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...
CVE-2008-7294
Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...
Mozilla Cookie isolation error (MFSA 2011-24)
Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers...
CVE-2011-2154
login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Default configuration
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...
CVE-2010-4312
CVE-2010-4312 affects Apache Tomcat 6.x; the default configuration omits the HTTPOnly flag in Set-Cookie headers, enabling remote session hijacking via script access to cookies. This vulnerability is tied to the standard Tomcat 6.x deployment and is described as a cookie security flag omission th...
Camtron CMNC-200 IP Camera Denial of Service
Exploit for hardware platform in category dos / poc ============================================ Camtron CMNC-200 IP Camera Denial of Service ============================================ The CMNC-200 IP Camera has a built-in web server that is vulnerable to denial of service attacks. Sending...
Camtron CMNC-200 IP Camera - Denial of Service
Camtron CMNC-200 IP Camera - Denial of Service Finding 5: Camera Denial of Service CVE: CVE-2010-4234 The CMNC-200 IP Camera has a built-in web server that is vulnerable to denial of service attacks. Sending multiple requests in parallel to the web server may cause the camera to reboot. Requests...
HP OpenView Network Node Manager (OV NNM) 7.53 - 'OvJavaLocale' Buffer Overflow
HP OPENVIEW NNM OVJAVALOCALE BUFFER OVERFLOW VULNERABILITY 1. ADVISORY INFORMATION Title: HP OpenView NNM OvJavaLocale Buffer Overflow Vulnerability Advisory Id: CORE-2010-0608 Advisory URL: http://www.coresecurity.com/content/hp-nnm-ovjavalocale-buffer-overflow Date published: 2010-08-03 Date of...
Cross site scripting
McAfee IntruShield Network Security Manager NSM before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting XSS vulnerability...
CVE-2009-3566
McAfee IntruShield Network Security Manager NSM before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting XSS vulnerability...
Alcatel OmniSwitch switches buffer overflow
Buffer overflow on oversized Cookie: header in embedded web server...
CVE-2006-0864
filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value...
CVE-2006-0207
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the 1 session extension aka ext/session and the 2 header function...