7691 matches found
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in filegator/filegator
Description Secure flag is not implemented on the application Proof of Concept https://ibb.co/nLTbftm Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies...
Oracle Linux 8 : nodejs:14 (ELSA-2021-3666)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3666 advisory. - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, - CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 - Resolves...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in khodakhah/nodcms
Description Implement both Secure flag and httponly flag in the application. Proof of Concept Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from bein...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in jonschoning/espial
Description Implement both Secure flag and httponly flag in the application. Proof of Concept Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from bein...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in kcal-app/kcal
Description Implement both Secure flag and httponly flag in the application. Proof of Concept Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from bein...
Security Bulletin: Cacheable HTTPs Response vulnerability affects IBM Edge (CVE-2020-4809)
Summary IBM Edge is affected by a cacheable HTTPs response vulnerability. IBM Edge has resolved the vulnerability. Vulnerability Details CVEID: CVE-2020-4809 DESCRIPTION: IBM Edge allows web pages to be stored locally which can be read by another user on the system. CVSS Base score: 4 CVSS Tempor...
e107 CMS 2.3.0 Shell Upload
Exploit Title: e107 CMS 2.3.0 - Remote Code Execution RCE Authenticated Date: 21-09-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 2.3.0 Category: Webapps Tested on: Linux/Windows e107 is a free website content...
Fedora: Security Advisory for curl (FEDORA-2021-c5584b92d4)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 34 Update: curl-7.76.1-12.fc34
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in spiral-project/ihatemoney
Description Secure flag is not implemented on the application Proof of Concept https://drive.google.com/file/d/10p4ejCFsLA6LO32nPNTRKqZjlqVHVpUf/view?usp=sharing Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP...
CVE-2021-38412
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to...
Authentication flaw
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to...
CVE-2021-38412 Digi PortServer TS 16 Improper Authentication
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to...
Exploit for CVE-2021-38647
cve-2021-38647 A PoC exploit for CVE-2021-38647 RCE in OMI. E...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ledgersmb/ledgersmb
Description Secure flag is not implemented on the application Proof of Concept https://drive.google.com/file/d/1ESnBKwFef8D42A2VD3W59vXMLdWhCxS9/view?usp=sharing Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP...
Automatic Cipher Suite Ordering in crypto/tls
This is the first article I wrote for the Go blog !! about how TLS cipher suites configuration got so complicated, and how weve made it way easier in Go 1.17. The Go standard library provides crypto/tls, a robust implementation of Transport Layer Security TLS, the most important security protocol...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in babybuddy/babybuddy
Description Secure flag is not implemented on the application Proof of Concept https://drive.google.com/file/d/1zWCQRRZl42kEbqrs0QS4hXyUdjnBRf/view Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The...
[ASA-202109-2] firefox: multiple issues
Arch Linux Security Advisory ASA-202109-2 ========================================= Severity: High Date : 2021-09-14 CVE-ID : CVE-2021-38491 CVE-2021-38494 Package : firefox Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2350 Summary ======= The package firefox befo...
Dell Client BIOS Multiple Vulnerabilities (DSA-2021-106)
According to its self-reported version, Dell BIOS is affected by multiple vulnerabilities. - Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit th...
PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188)
A buffer overflow vulnerability in the Telnet-based administrative management service included with PAN-OS software allows remote attackers to execute arbitrary code. The Telnet-based administrative management service is disabled by default and this issue is not exploitable if this service is...