73 matches found
CVE-2025-36026
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link an...
CVE-2024-37830
An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie...
CVE-2024-56733
Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token ...
CVE-2024-37830
Summary: CVE-2024-37830 affects Outline up to v0.76.1. An issue allows an attacker to redirect a victim to a malicious site by intercepting and modifying the app’s state cookie. The vulnerability is described across Red Hat, NVD, CVE listings and partner advisories, with the recommended fix being...
HackerOne: 2FA Bypass via Leaked Cookies
Vulnerability description not provided...
CVE-2021-43074
An improper verification of cryptographic signature vulnerability CWE-347 in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and...
SUSE CVE-2013-4964
Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
SUSE CVE-2013-7436
noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
SUSE CVE-2015-8470
The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...
Information disclosure
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack...
ROS-20220518-02
A vulnerability in the Mozilla Thunderbird email client is related to incorrect processing of user input when processing signed and encrypted attached messages. Exploitation of the vulnerability could allow a remote...
GHSA-G7CF-WG27-QW87 Jenkins secure flag not set on session cookies
Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session...
A vulnerability in the \hms\admin\appointment-history.php component of the PHPGurukul Hospital Management System, a web application for managing hospitals, allows an attacker to intercept cookies.
A vulnerability in the \hms\admin\appointment-history.php component of the PHPGurukul Hospital Management System web application is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability could allow an attacker to intercept cookies...
Unspecified Vulnerability in Emerson Rosemount X-STREAM Gas Analyzer
The Emerson Rosemount X-STREAM Gas Analyzer is an Emerson gas analyzer for industrial environments. The device supports up to five component gas analyzers and features NDIR/UV/VIS photometry, paramagnetic and electrochemical O2, thermal conductivity and humidity sensors. A security vulnerability...
Emerson Rosemount X-STREAM Gas Analyzer Security Vulnerability
The Emerson Rosemount X-STREAM Gas Analyzer is an Emerson gas analyzer for industrial environments. The device supports up to five component gas analyzers and features NDIR/UV/VIS photometry, paramagnetic and electrochemical O2, thermal conductivity and humidity sensors. A security vulnerability...
A vulnerability in the Netlify domain controller, related to improperly configured DNS records, allows attackers to intercept cookies, bypass Content Security Policy (CSP) and Cross-Origin Resource Sharing (CORS) mechanisms, and gain unauthorized access to protected information.
A vulnerability in the Netlify domain controller implementation is related to improperly configured DNS records. Exploiting this vulnerability allows a malicious actor to intercept cookies, bypass security mechanisms like CSP and Cross-Origin Resource Sharing (CORS), and gain unauthorized acces...
HCL iNotes Sensitive Cookie Disclosure Vulnerability
HCL iNotes is a software from HCL India that allows management of IBM Domino mail, scheduling of errands, and other office activity management. HCL iNotes suffers from a sensitive cookie disclosure vulnerability. An attacker can exploit this vulnerability to capture cookies by intercepting the...
A vulnerability in the Synology Router Manager operating system arises from the absence of the “secure” flag on session cookies. This allows attackers to gain unauthorized access to the target device.
A vulnerability in the Synology Router Manager operating system is related to the absence of the “secure” flag on session cookies. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to the target device by intercepting session cookie...