Lucene search
K

238 matches found

Cvelist
Cvelist
added 2024/06/27 9:27 a.m.36 views

CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb:...

9.8CVSS0.00477EPSS
Exploits0References2
OSV
OSV
added 2024/05/23 10:15 p.m.7 views

CVE-2024-5294

D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability...

6.5CVSS5.8AI score0.0046EPSS
Exploits0References1
0day.today
0day.today
added 2023/10/15 12:0 a.m.1049 views

Apache Superset 2.0.0 Remote Code Execution Exploit

Apache Superset versions 2.0.0 and below utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to login to the site, they can decode the cookie, set their userid to that of an administrator, and re-sign the cooki...

9.8CVSS7.7AI score0.97405EPSS
Exploits20
Metasploit
Metasploit
added 2023/09/13 7:51 p.m.333 views

Apache Superset Signed Cookie Priv Esc

Apache Superset versions use auxiliary/gather/apachesupersetcookiesigprivesc msf auxiliaryapachesupersetcookiesigprivesc show actions ...actions... msf auxiliaryapachesupersetcookiesigprivesc set ACTION msf auxiliaryapachesupersetcookiesigprivesc show options ...show and set options... msf...

9.8CVSS8.4AI score0.97405EPSS
Exploits20
Debian
Debian
added 2023/09/12 1:0 a.m.26 views

[SECURITY] [DLA 3561-1] node-cookiejar security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3561-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb September 11, 2023 https://wiki.debian.org/LTS -...

7.5CVSS6.3AI score0.01546EPSS
Exploits1
Fedora
Fedora
added 2023/02/25 4:2 a.m.49 views

[SECURITY] Fedora 36 Update: haproxy-2.4.22-2.fc36

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

9.1CVSS7.8AI score0.05493EPSS
Exploits0
Veracode
Veracode
added 2022/12/13 2:45 a.m.21 views

Information Disclosure

thorsten/phpmyfaq is vulnerable to information disclosure.The vulnerability exists in the setCookie function of session.php due to insecure HTTP cookies without the 'secure' attribute which allows an attacker to gain access to sensitive information...

7.5CVSS7.3AI score0.00422EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2022/12/11 3:30 p.m.55 views

phpMyFAQ has insecure HTTP cookies

phpMyFAQ is contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in versions prior to 3.1.9...

7.5CVSS7.3AI score0.00422EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/12/11 3:30 p.m.24 views

GHSA-WPGC-5CR5-H9GG phpMyFAQ has insecure HTTP cookies

phpMyFAQ is contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in versions prior to 3.1.9...

7.5CVSS6.6AI score0.00422EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/09/22 12:0 a.m.21 views

rdiffweb has insecure HTTP cookies

In rdiffweb prior to version 2.4.6, the cookie sessionid does not have a secure attribute when the URL is invalid. Version 2.4.6 contains a fix for the issue...

5.3CVSS5.5AI score0.00396EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/09/22 12:0 a.m.22 views

GHSA-M748-HJQG-RPP8 rdiffweb has insecure HTTP cookies

In rdiffweb prior to version 2.4.6, the cookie sessionid does not have a secure attribute when the URL is invalid. Version 2.4.6 contains a fix for the issue...

6.9CVSS5.5AI score0.00396EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2022/09/15 12:0 a.m.15 views

Fedora: Security Advisory for libapreq2 (FEDORA-2022-61f5b492b7)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.6AI score0.04712EPSS
Exploits0References2
Fedora
Fedora
added 2022/09/13 1:31 a.m.36 views

[SECURITY] Fedora 35 Update: libapreq2-2.17-1.fc35

libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...

7.5CVSS2AI score0.04712EPSS
Exploits0
Fedora
Fedora
added 2022/09/13 1:29 a.m.32 views

[SECURITY] Fedora 36 Update: libapreq2-2.17-1.fc36

libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...

7.5CVSS2AI score0.04712EPSS
Exploits0
Fedora
Fedora
added 2022/09/12 5:59 p.m.37 views

[SECURITY] Fedora 37 Update: libapreq2-2.17-1.fc37

libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...

7.5CVSS2AI score0.04712EPSS
Exploits0
Rockylinux
Rockylinux
added 2022/05/17 7:15 a.m.13 views

new packages: perl-HTTP-Cookies

An update is available for perl-HTTP-Cookies. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

2.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2022/05/11 8:1 a.m.41 views

CVE-2022-27779

A vulnerability was found in curl. The issue occurs because curl wrongly allows HTTP cookies to be set for Top Level Domains TLDs if the hostname is provided with a trailing dot. This flaw allows arbitrary sites to set cookies that get sent to a different and unrelated site or domain by a malicio...

5.3CVSS2.1AI score0.02414EPSS
Exploits1References4
Debian
Debian
added 2022/03/18 10:46 a.m.39 views

[SECURITY] [DLA 2954-1] python-treq security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2954-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb March 18, 2022 https://wiki.debian.org/LTS -...

6.5CVSS6.5AI score0.01083EPSS
Exploits0
Huntr
Huntr
added 2021/10/14 7:12 p.m.5 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in frontaccountingerp/fa

✍️ Description The secure flag is not set for session cookie "PHPSESSID" in the application. Proof of Concept Check this for POC: Image Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing...

0.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/09/16 4:8 p.m.21 views

What are computer cookies?

We all know cookies as tasty baked treats that we love to eat, but computer cookies are quite different. Although they’re most popularly known as just "cookies", they may be referred to as browser cookies, Internet cookies, HTTP cookies, web cookies, computer cookies, or digital cookies. What are...

6.7AI score
Exploits0
Rows per page
Query Builder