150 matches found
foreman: the _session_id cookie is issued without the Secure flag
It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie...
Red Hat PCS Backend Program Set-Cookie Header Information Disclosure Vulnerability
Red Hat is an operating system based on the Linux kernel. An information disclosure vulnerability exists in the Set-Cookie header of the PCSD backend program in Red Hat PCS, which allows remote attackers to gain access to sensitive information via scripted access...
Red Hat oVirt Engine Information Disclosure Vulnerability
Red Hat oVirt Engine is an open source virtualization management platform, the open source version of the RHEV platform for enterprise virtualization, consisting of an oVirt-node client and an ovirt-engine manager. A security vulnerability exists in Red Hat oVirt Engine 3.4.4 and earlier versions, whe...
PT-2015-3597 · Ovirt · Ovirt Engine
Name of the Vulnerable Software and Affected Versions: oVirt Engine versions prior to 3.5.0. Description: The issue allows remote attackers to obtain potentially sensitive information via script access to session IDs due to the missing HttpOnly flag in the Set-Cookie header. Recommendations: For...
cumin: session cookies lack httponly setting
It was found that Cumin did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie...
Mastery OA stored XSS in work log contents can steal the cookie - vulnerability warning - the black bar safety net
Mastery OA 2013 and 2010 versions: the Office Anywhere 2013 work log edit page has a stored XSS, and after a superior views the log the cookie can be stolen. 1. On the work log edit page, bypassing a single character in the source code is enough to construct the XSS!!! 1. The interception to giv...
DEBIAN-CVE-2012-0053
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HttpOnly cookies via vectors involving a (1) long or (2) malformed header in...
[hack4sec] XSS: Reconnaissance in force.
Author: Anton Kuzmin [email protected] Team: Hack4sec [email protected] Date: 30-05-2011 PDF version: Hello. In this article I want to present one non-standard example of using XSS vulnerabilities. At least, I have never seen such things anywhere before...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Memory corruption, cross-site scripting, local file access, HttpOnly cookie leakage, caching of no-cache files...