
9 matches found

Github Security Blog
added 2026/04/03 3:29 a.m. · 16 views

Better Auth Has Two-Factor Authentication Bypass via Premature Session Caching (session.cookieCache)

Summary: Under certain configurations, sessions may be considered valid before two-factor authentication (2FA) is fully completed. This can allow access to authenticated routes without verifying the second factor. Description: When two-factor authentication is enabled, the authentication flow...

5.9 AI score
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/06/18 12:0 a.m. · 4 views

PT-2024-9750 · Unknown +1 · Async Http Client +1

Name of the Vulnerable Software and Affected Versions: AsyncHttpClient versions prior to 3.0.1 Description: The AsyncHttpClient library has an issue where the automatically enabled and self-managed CookieStore silently replaces explicitly defined Cookies with any that have the same name from the...

9.2 CVSS · 6.7 AI score · 0.00576 EPSS
Exploits 0 · References 26
Positive Technologies
added 2023/08/16 12:0 a.m. · 4 views

PT-2023-29042 · Unknown · Control Id Gerencia Web

Name of the Vulnerable Software and Affected Versions: Control iD Gerencia Web version 1.30 Description: A vulnerability was found in the component Cookie Handler, leading to cleartext storage of sensitive information. The attack may be launched remotely, with a rather high complexity and difficu...

5.3 CVSS · 6.8 AI score · 0.00513 EPSS
Exploits 1 · References 8
wpexploit
added 2022/12/27 12:0 a.m. · 445 views

EU Cookie Law <= 3.1.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Enter the setting page of this plugin. 2. In t...

4.8 CVSS · 4.7 AI score · 0.0047 EPSS
Exploits 2
OSV
added 2019/10/16 3:15 p.m. · 2 views

CVE-2019-16522

The eu-cookie-law plugin through 3.0.6 for WordPress aka EU Cookie Law GDPR is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An...

4.8 CVSS · 5.8 AI score
Exploits 0 · References 3
NVD
added 2019/10/16 3:15 p.m. · 15 views

CVE-2019-16522

The eu-cookie-law plugin through 3.0.6 for WordPress aka EU Cookie Law GDPR is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An...

4.8 CVSS · 4.9 AI score · 0.01033 EPSS
Exploits 1 · References 3
Prion
added 2019/10/16 3:15 p.m. · 12 views

Cross site scripting

The eu-cookie-law plugin through 3.0.6 for WordPress aka EU Cookie Law GDPR is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An...

3.5 CVSS · 4.8 AI score · 0.01033 EPSS
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2019/10/16 2:10 p.m. · 16 views

CVE-2019-16522

The eu-cookie-law plugin through 3.0.6 for WordPress aka EU Cookie Law GDPR is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An...

4.9 AI score · 0.01033 EPSS
Exploits 1 · References 3
Positive Technologies
added 2018/04/09 12:0 a.m. · 5 views

PT-2018-3874 · Pulnix +7 · Pulnix +10

Name of the Vulnerable Software and Affected Versions: TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login Description: The issue allows remote attackers to bypass authentication via a "Cookie: uid=admin"...

10 CVSS · 9 AI score · 0.83151 EPSS
Exploits 13 · References 30