Lucene search
K

159 matches found

Tenable Nessus
Tenable Nessus
added 2014/10/10 12:0 a.m.179 views

F5 Networks BIG-IP : HTTP cookie vulnerability (SOL15406)

The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server. CVE-2004-0462 C Tenable Network Security, Inc. The...

2.1CVSS5.4AI score0.00433EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2014/07/10 12:0 a.m.126 views

SOL15406 - HTTP cookie vulnerability CVE-2004-0462

Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To...

2.1CVSS0.2AI score0.00433EPSS
Exploits0References9
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.55 views

PHPDug 2.0.0 - Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22971 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpdug.html Product: PHPDug Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.0.0 and probably prior versions Vendor Notification: 21 April 2011 Vulnerability Type:...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.33 views

Nisuta NS-WIR150NE, NS-WIR300N Wireless Routers - Remote Management Web Interface Authentication Bypass Vulnerability

No description provided by source. Nisuta NS-WIR150NE, NS-WIR300N Wireless Routers Remote Management Web Interface Authentication Bypass Vulnerability Amplia Security - Amplia Security Research Advisory AMPLIA-ARA050913 Advisory ID: AMPLIA-ARA050913 Advisory URL: tbd Date Published: 12-26-2013...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2014/02/17 12:0 a.m.25 views

Google Chrome CSRF Vulnerability - Mac OS X

Google Chrome is prone to a cross-site request forgery CSRF attack. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome...

6.8CVSS6.1AI score0.01859EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2014/02/17 12:0 a.m.22 views

Google Chrome CSRF Vulnerability - Linux

Google Chrome is prone to a cross-site request forgery CSRF attack. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome...

6.8CVSS6.1AI score0.01859EPSS
Exploits0References3
NVD
NVD
added 2014/02/15 2:57 p.m.29 views

CVE-2013-6167

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...

6.8CVSS6.2AI score0.01636EPSS
Exploits0References5
NVD
NVD
added 2014/02/15 2:57 p.m.21 views

CVE-2013-6166

Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...

6.8CVSS6.2AI score0.01859EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2014/02/15 2:57 p.m.22 views

CVE-2013-6166

Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...

6.8CVSS5.9AI score0.01859EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2014/02/15 2:57 p.m.34 views

CVE-2013-6167

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...

6.8CVSS7.3AI score0.01636EPSS
Exploits0References5
Prion
Prion
added 2014/02/15 2:57 p.m.27 views

Cross site request forgery (csrf)

Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...

6.8CVSS6.7AI score0.01859EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2014/02/15 2:57 p.m.26 views

Cross site request forgery (csrf)

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...

6.8CVSS7AI score0.01636EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2014/02/15 11:0 a.m.68 views

CVE-2013-6166

CVE-2013-6166 affects Google Chrome pre-29. The issue arises when Chrome sends HTTP Cookie headers without validating that cookies meet character-set restrictions, enabling a remote attacker to trigger a persistent Logout CSRF-like effect by crafting a parameter that causes a web app to set a mal...

6.8CVSS6.3AI score0.01859EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2014/02/15 11:0 a.m.53 views

CVE-2013-6167

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...

6.4AI score0.01636EPSS
Exploits0References5
Prion
Prion
added 2014/01/24 3:8 p.m.20 views

Security feature bypass

The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object...

7.5CVSS8AI score0.01527EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2014/01/24 3:0 p.m.17 views

CVE-2013-5350

The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object...

7.4AI score0.01527EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2013/08/20 12:0 a.m.46 views

Google Chrome < 29.0.1547.57 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is a version prior to 29.0.1547.57. It is, therefore, affected by multiple vulnerabilities : - Various unspecified errors exist. No further details have been provided. CVE-2013-2887 - An input validation error exists related to incomplete...

7.5CVSS6AI score0.01859EPSS
Exploits0References10
NVD
NVD
added 2012/01/08 3:55 p.m.19 views

CVE-2012-0392

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...

6.8CVSS9.8AI score0.96787EPSS
Exploits1References7
Prion
Prion
added 2012/01/08 3:55 p.m.19 views

Security feature bypass

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...

6.8CVSS8.4AI score0.96787EPSS
Exploits1References7Affected Software1
UbuntuCve
UbuntuCve
added 2012/01/08 3:55 p.m.33 views

CVE-2012-0392

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...

6.8CVSS7.3AI score0.96787EPSS
Exploits1References3
Rows per page
Query Builder