7681 matches found
CVE-2024-44575
RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...
CVE-2024-44575
RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...
CVE-2024-44575
CVE-2024-44575 affects RELY-PCIe versions 22.2.1–23.1.0. The issue is that the Secure attribute is not set for sensitive cookies in HTTPS sessions, which could allow a user agent to send cookies in cleartext over an HTTP session. The vulnerability is documented with a CVSS v3.1 base score of 3.7 ...
CVE-2024-44575
RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...
Insecure HTTPS Connections
nategood/httpful is vulnerable to Insecure HTTPS Connections. The vulnerability is due to the lack of built-in certificate validation mechanisms in the Httpful library, which fails to enforce the proper verification of SSL/TLS certificates by default. It allows attackers to intercept and manipula...
NewStart CGSL MAIN 6.02 : python3 Vulnerability (NS-SA-2024-0053)
The remote NewStart CGSL host, running version MAIN 6.02, has python3 packages installed that are affected by a vulnerability: - Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client...
Httpful is Missing Certificate Validation
Httpful has Insecure HTTPS Connections due to Missing Default Certificate Validation...
GHSA-GCFG-HMWX-WQ5H Httpful is Missing Certificate Validation
Httpful has Insecure HTTPS Connections due to Missing Default Certificate Validation...
C-MOR Video Surveillance 5.2401 / 6.00PL01 Cross Site Scripting
Advisory ID: SYSS-2024-021 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: Persistent Cross-Site Scripting CWE-79 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05...
Moderate: Red Hat Security Advisory: wget security update
An update for wget is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
RHEL 9 : wget (RHSA-2024:6438)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:6438 advisory. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input ma...
RHEL 8 : wget (RHSA-2024:6208)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:6208 advisory. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input ma...
Moderate: Red Hat Security Advisory: wget security update
An update for wget is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Moderate: Red Hat Security Advisory: wget security update
An update for wget is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
ALSA-2024:6192 Moderate: wget security update
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input may lead to improper behavior CVE-2024-38428 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...
Moderate: wget security update
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input may lead to improper behavior CVE-2024-38428 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...
RHEL 9 : wget (RHSA-2024:6192)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:6192 advisory. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input ma...
GlassFish Brute Force Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/loginscanner/glassfish' require 'metasploit/framework/credentialcollection' class MetasploitModule 'GlassFish Brute Force Utility',...
ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection', 'Description' = %q ManageEngine Password Manager Pro PMP has an...
Sensitive Cookie In HTTPS Session Without "Secure" Attribute
taipy is vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute. The vulnerability is due to the improper setting of security flags on session cookies. An attacker can intercept or tamper with the cookie over insecure connections by exploiting the lack of Secure and HttpOnly...