
131 matches found

NVD
added 2022/09/21 5:15 p.m. · 8 views

CVE-2022-3251

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2...

CVSS 7.5 · EPSS 0.00494
Exploits: 1 · References: 2

Vulnrichment
added 2022/09/21 4:55 p.m. · 4 views

CVE-2022-3250 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6...

CVSS 4.9 · AI score 5.3 · EPSS 0.00385
Exploits: 1 · References: 2

Cvelist
added 2022/09/21 4:55 p.m. · 33 views

CVE-2022-3250 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6...

CVSS 4.9 · AI score 5.5 · EPSS 0.00385
Exploits: 1 · References: 2

Cvelist
added 2022/09/21 4:55 p.m. · 16 views

CVE-2022-3251 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/minarca

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2...

CVSS 7.5 · AI score 5.6 · EPSS 0.00494
Exploits: 1 · References: 2

Vulnrichment
added 2022/09/21 4:55 p.m. · 6 views

CVE-2022-3251 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/minarca

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2...

CVSS 7.5 · AI score 6.8 · EPSS 0.00494
Exploits: 1 · References: 2

OSV
added 2022/09/21 4:55 p.m. · 24 views

CVE-2022-3251 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/minarca

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2...

CVSS 7.5 · AI score 6.5 · EPSS 0.00494
Exploits: 1 · References: 4

Positive Technologies
added 2022/09/21 12:0 a.m. · 2 views

PT-2022-21349 · Minarca · Minarca

Name of the Vulnerable Software and Affected Versions: minarca versions prior to 4.2.2 Description: The issue concerns a sensitive cookie in an HTTPS session that lacks the 'Secure' attribute. This problem is identified in the GitHub repository ikus060/minarca. Recommendations: For versions prior...

CVSS 7.5 · AI score 6.2 · EPSS 0.00494
Exploits: 1 · References: 5

ATTACKERKB
added 2022/09/13 10:15 a.m. · 2 views

CVE-2022-3174

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...

CVSS 7.5 · AI score 7.1 · EPSS 0.00541
Exploits: 1 · References: 3

NVD
added 2022/09/13 10:15 a.m. · 39 views

CVE-2022-3174

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...

CVSS 7.5 · EPSS 0.00541
Exploits: 1 · References: 2

CVE
added 2022/09/13 9:20 a.m. · 63 views

CVE-2022-3174

CVE-2022-3174 affects rdiffweb prior to 2.4.2, where cookies are transmitted over HTTPS without the Secure attribute, exposing confidentiality. The issue impacts the GitHub repo ikus060/rdiffweb; CVSS v3.1/3.0 base score 7.5 (HIGH) with network attacker, no user interaction. Affected component: s...

CVSS 7.5 · AI score 6.2 · EPSS 0.00541
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2022/09/13 9:20 a.m. · 43 views

CVE-2022-3174 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...

CVSS 7.5 · AI score 7.7 · EPSS 0.00541
Exploits: 1 · References: 2

CNVD
added 2022/07/01 12:0 a.m. · 25 views

Textpattern CMS Information Disclosure Vulnerability

Textpattern CMS is a PHP-based content management system from the Textpattern team. An information disclosure vulnerability exists in Textpattern CMS v4.8.7 and prior versions, which stems from the application transmitting cookies used in HTTPS session transfers in plaintext. An attacker can...

CVSS 4.3 · AI score 4.2 · EPSS 0.00434
Exploits: 0 · References: 1

NVD
added 2022/06/29 11:15 a.m. · 12 views

CVE-2021-40642

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplibmisc.php. The secure flag is not set for txplogin session cookie in the application. If the secure flag is not set, then the cookie will be...

CVSS 4.3 · EPSS 0.00434
Exploits: 0 · References: 2

Prion
added 2022/06/29 11:15 a.m. · 12 views

Code injection

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplibmisc.php. The secure flag is not set for txplogin session cookie in the application. If the secure flag is not set, then the cookie will be...

CVSS 4.3 · AI score 4.6 · EPSS 0.00434
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2022/06/29 10:25 a.m. · 57 views

CVE-2021-40642

CVE-2021-40642 affects Textpattern CMS v4.8.7 and earlier. The issue is a missing Secure attribute on the txp_login session cookie in textpattern/lib/txplib_misc.php, allowing the cookie to be transmitted in clear-text over HTTP within the cookie’s scope. An attacker could induce this by sending ...

CVSS 4.3 · AI score 4.5 · EPSS 0.00434
Exploits: 0 · References: 2 · Affected Software: 1

Huntr
added 2021/09/15 6:45 a.m. · 10 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in babybuddy/babybuddy

Description: Secure flag is not implemented on the application. Proof of Concept: https://drive.google.com/file/d/1zWCQRRZl42kEbqrs0QS4hXyUdjnBRf/view Impact: The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The...

Exploits: 0 · References: 1

Cvelist
added 2021/05/31 3:10 p.m. · 22 views

CVE-2019-4471

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780...

CVSS 5.3 · AI score 6.2 · EPSS 0.01049
Exploits: 0 · References: 3

CNNVD
added 2021/05/28 12:0 a.m. · 3 views

IBM Cognos Analytics Information Disclosure Vulnerability

IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. An information disclosure...

CVSS 6.5 · AI score 8.5 · EPSS 0.01049
Exploits: 0 · References: 4

Cvelist
added 2021/02/16 3:7 p.m. · 19 views

CVE-2020-29024 Missing HtppOnly and Secure flags

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in GTA GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3...

CVSS 5.3 · AI score 5.4 · EPSS 0.00512
Exploits: 0 · References: 1

Vulnrichment
added 2021/01/14 12:0 a.m. · 14 views

CVE-2020-26732

SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

AI score 6.8 · EPSS 0.0151
Exploits: 0 · References: 1