127 matches found
CVE-2023-4217
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation...
CVE-2023-5035
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks,...
Security Bulletin: "Cookie with Insecure or Improper or Missing SameSite attribute" may affect IBM CICS TX Advanced
Summary "Cookie with Insecure or Improper or Missing SameSite attribute" may affect IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-33847 DESCRIPTION: IBM CICS TX does not set the secure attribute on authorization tokens or session...
MGASA-2023-0138 Updated tomcat packages fix security vulnerability
Information disclosure due to concurrency bug CVE-2021-43980 Fix for CVE-2020-9484 introduced a time of check, time of use vulnerability CVE-2022-23181 Correct documentation to warn of use over untrusted networks. CVE-2022-29885 Correct documentation showing use of XSS vulnerability. CVE-2022-343...
usememos/memos missing Secure cookie attribute
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 is missing the Secure cookie attribute, making it vulnerable to session hijacking...
CVE-2022-22493
IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449...
Cross site request forgery (csrf)
IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449...
CVE-2022-22493
CVE-2022-22493 affects IBM WebSphere Automation for Cloud Pak for Watson AIOps up to version 1.4.2, where cross-site request forgery arises from improper cookie attribute settings. Remediation per IBM bulletin is to upgrade to 1.4.3 or higher; no exploitation details are provided in the connected...
Rdiffweb 安全漏洞
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.4.6, which stems from a sensitive cookie in an HTTPS session that doe...
PT-2022-7817 · Red Hat · Openshift Origin
Name of the Vulnerable Software and Affected Versions: Openshift Origin version 3 Description: The issue is related to insecure cookies being set in the console of Openshift Origin. Specifically, the cookies lack 'secure' and 'HttpOnly' attributes. Recommendations: For Openshift Origin version 3,...
phpMyAdmin cookie-attribute injection
phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...
GHSA-XQW9-FFX7-G998 phpMyAdmin cookie-attribute injection
phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...
Security Bulletin: Missing cookie secure attribute in IBM Security Guardium Key Lifecycle Manager (CVE-2021-38977)
Summary Missing cookie secure attribute in IBM Security Guardium Key Lifecycle Manager CVE-2021-38977. Vulnerability Details CVEID: CVE-2021-38977 DESCRIPTION: IBM Tivoli Key Lifecycle Manager does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to g...
Cross-Site Request Forgery (CSRF) in qkqpttgf/onemanager-php
✍️ Description Attacker able to rename any file with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in qkqpttgf/onemanager-php
✍️ Description Attacker able to delete any disk with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in aimeos/ai-client-html
✍️ Description Attacker able to pin any product in favorites with CSRF attack. In CSRF attacks it is necessary that a user logged into your application and just going to a malicious website and after that only with a redirection attacker can perform attack on unprotected endpoint, this means only...
Cross-Site Request Forgery (CSRF) in aimeos/ai-client-html
✍️ Description Attacker able to add any product in favorites with CSRF attack. In CSRF attacks it is necessary that a user logged into your application and just going to a malicious website and after that only with a redirection attacker can perform attack on unprotected endpoint, this means only...
Cross-Site Request Forgery (CSRF) in azuracast/azuracast
✍️ Description Attacker able to enable any Streamer/DJ account section with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
✍️ Description Attacker able to reset any profile banner with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
✍️ Description Attacker able to leave any user message with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...