Huntr
added 2021/10/11 2:26 p.m., 7 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in bytebase/bytebase

Description: Session cookie is not marked with 'Secure'. Proof of Concept: Login to demo page https://demo.bytebase.com/. Open Firefox developer option - storage - check secure option. Below link shows POC https://i.ibb.co/DLG1pyt/Screenshot-48.png...

AI score 0.7
Exploits 0, References 1
Huntr
added 2021/10/08 4:06 p.m., 6 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in publify/publify

Description: Session cookie publifyblogsession is not marked with 'Secure'. Proof of Concept: Login to demo page https://demo-publify.herokuapp.com/. Open Firefox developer option - storage - check secure option. Below link shows POC https://i.ibb.co/j3K5YDg/Screenshot-45.png...

AI score 0.7
Exploits 0, References 1
NVD
added 2021/10/06 8:15 p.m., 12 views

CVE-2021-1594

A vulnerability in the REST API of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a...

CVSS 9.3, EPSS 0.01398
Exploits 0, References 1
Prion
added 2021/10/06 8:15 p.m., 14 views

Command injection

A vulnerability in the REST API of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a...

CVSS 9.3, AI score 8.3, EPSS 0.01398
Exploits 0, References 1, Affected Software 1
Prion
added 2021/10/06 8:15 p.m., 14 views

Design/Logic Flaw

A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service DoS condition on an affected device. This vulnerability is due to improper memory management in the pro...

CVSS 7.8, AI score 7.5, EPSS 0.01386
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2021/10/06 7:46 p.m., 9 views

CVE-2021-1594 Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the REST API of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a...

CVSS 7.5, AI score 7.6, EPSS 0.01398
Exploits 0, References 1
Cvelist
added 2021/10/06 7:46 p.m., 30 views

CVE-2021-1594 Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the REST API of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a...

CVSS 7.5, AI score 8.6, EPSS 0.01398
Exploits 0, References 1
Vulnrichment
added 2021/10/06 7:46 p.m., 9 views

CVE-2021-34698 Cisco Web Security Appliance Proxy Service Denial of Service Vulnerability

A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service DoS condition on an affected device. This vulnerability is due to improper memory management in the pro...

CVSS 8.6, AI score 7.1, EPSS 0.01386
Exploits 0, References 1
Cvelist
added 2021/10/06 7:46 p.m., 26 views

CVE-2021-34698 Cisco Web Security Appliance Proxy Service Denial of Service Vulnerability

A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service DoS condition on an affected device. This vulnerability is due to improper memory management in the pro...

CVSS 8.6, AI score 8.7, EPSS 0.01386
Exploits 0, References 1
Huntr
added 2021/10/06 7:21 p.m., 7 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in kevinpapst/kimai2

Description: Session cookie dancer.session is not marked with 'Secure'. Proof of Concept: Login to demo page https://demo-stable.kimai.org/en/dashboard/, Open Firefox developer option - storage - check secure option...

AI score 0.4
Exploits 0
Cisco
added 2021/10/06 4:00 p.m., 79 views

Cisco Web Security Appliance Proxy Service Denial of Service Vulnerability

A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service DoS condition on an affected device. This vulnerability is due to improper memory management in the pro...

CVSS 8.6, AI score 7.8, EPSS 0.01386
Exploits 0, References 1
Huntr
added 2021/10/05 4:07 p.m., 13 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in vuestorefront/vue-storefront

✍️ Description: The secure flag is not set for session cookie "vsf-commercetools-token" in the application. Proof of Concept: Check this for POC: Image. Impact: If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection,...

AI score 0.4
Exploits 0
RedhatCVE
added 2021/10/05 11:28 a.m., 42 views

CVE-2021-41611

The squid proxy package may incorrectly classify certain certificates as trusted. This can allow traffic to obtain security trust when the trust is not valid. The highest threat from this vulnerability is to confidentiality and integrity. Mitigation: The only mitigation is complete denial to TLS a...

CVSS 8.1, AI score 2.5, EPSS 0.02854
Exploits 0, References 4
ThreatPost
added 2021/10/04 8:31 p.m., 39 views

Encrypted & Fileless Malware Sees Big Growth

A full 91.5 percent of malware was delivered using HTTPS-encrypted connections in the second quarter, researchers said, making attacks more evasive. That's according to WatchGuard Technologies' latest report on findings within its telemetry, which also found that these detections come primarily...

AI score 7.4
Exploits 0, References 2
Exploit DB
added 2021/10/01 12:00 a.m., 319 views

CMSimple_XH 1.7.4 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: CMSimpleXH 1.7.4 - Remote Code Execution RCE Authenticated. Date: 01-10-2021. Exploit Author: Halit AKAYDIN hLtAkydn. Vendor Homepage: https://www.cmsimple-xh.org/. Software Link: https://www.cmsimple-xh.org/?Downloads. Version: 1.7.4. Category: Webapps. Tested on: Linux/Windows CMSimpleX...

AI score 7.4
Exploits 0
Kitploit
added 2021/09/29 8:30 p.m., 23 views

Webstor - A Script To Quickly Enumerate All Websites Across All Of Your Organization's Networks, Store Their Responses, And Query For Known Web Technologies, Such As Those With Zero-Day Vulnerabilities

WebStor is a tool implemented in Python under the MIT license for quickly enumerating all websites across all of your organization's networks, storing their responses, and querying for known web technologies and versions, such as those with zero-day vulnerabilities. It is intended, in particular,...

AI score 7.2
Exploits 0, References 2
Huntr
added 2021/09/29 1:10 a.m., 14 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in blair2004/nexopos-4x

Description: Session cookie nexopossession is not marked as Secure. Proof of Concept: 1. Open demo page https://v4.nexopos.com/sign-in using Firefox; login using demo account. 2. Go to Developer tool - Storage - Cookie and see that nexopossession has Secure = False...

AI score 0.1
Exploits 0, References 1
Huntr
added 2021/09/28 10:36 a.m., 38 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in openfun/openedx-docker

Description: Secure flag is not implemented on the application. Proof of Concept: https://drive.google.com/file/d/10vEIf77qf1ejR14lL5GZCMn9bZmmbIBd/view?usp=sharing. Impact: The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP...

Exploits 0, References 1
OpenVAS
added 2021/09/28 12:00 a.m., 22 views

Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2021-2519)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.7, EPSS 0.95785
Exploits 5, References 2
Huntr
added 2021/09/27 8:13 a.m., 11 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in netdisco/netdisco

Description: Session cookie dancer.session is not marked with 'Secure'. Proof of Concept: 1. Go to demo page https://netdisco2-demo.herokuapp.com; the page will automatically log in as guest. 2. Open Firefox developer tools and see that the cookie dancer.session is not marked with 'Secure'...

AI score 0.5
Exploits 0, References 1