Session fixation

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2...

PYSEC-2022-287

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6...

CVE-2022-3250 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6...

CVE-2022-3250 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6...

CVE-2022-3250

CVE-2022-3250 affects the rdiffweb project (GitHub ikus060/rdiffweb) prior to version 2.4.6. The root issue is a session cookie (session_id) that is not marked with the Secure attribute when the URL is invalid, exposing the cookie over non-secure channels. Several sources confirm the vulnerabilit...

CVE-2022-3250 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6...

CVE-2022-3251 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/minarca

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2...

CVE-2022-3251

CVE-2022-3251 affects the Minarca project. Prior to version 4.2.2, a cookie used in HTTPS sessions was stored without the Secure attribute, enabling the cookie to be exposed in some scenarios. The issue is tied to the GitHub repository ikus060/minarca and is documented across multiple sources (in...

CVE-2022-3251 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/minarca

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2...

CVE-2022-3251 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/minarca

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2...

PT-2022-21349 · Minarca · Minarca

Name of the Vulnerable Software and Affected Versions: minarca versions prior to 4.2.2 Description: The issue concerns a sensitive cookie in an HTTPS session that lacks the 'Secure' attribute. This problem is identified in the GitHub repository ikus060/minarca. Recommendations: For versions prior...

Fedora: Security Advisory for curl (FEDORA-2022-20e0f8d1cd)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.

Summary BAYEUXBROWSER cookie is generated from Cometd Server and it remains live with the session. In older versions of cometd server, BAYEUXBROWSER cookie was neither true for https nor for secure. But in the current version ie. 5.0.3, there is a provision to make the cookie true for https and...

Directory traversal

Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information remote. The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig...

parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing

parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly...

GHSA-PQW5-JMP5-PX4V parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing

parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly...

GHSA-MJW4-XVX6-3GRG rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

rdiffweb version 2.4.1 is vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. This makes it so that a user's cookies can be sent to the server with an unencrypted request over the HTTP protocol. Version 2.4.2 contains a fix for the issue...

rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

rdiffweb version 2.4.1 is vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. This makes it so that a user's cookies can be sent to the server with an unencrypted request over the HTTP protocol. Version 2.4.2 contains a fix for the issue...

CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...

Hardcoded credentials

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...