
7691 matches found

Huntr | added 2021/09/27 8:10 a.m. | 10 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in filegator/filegator

Description: Secure flag is not implemented on the application.
Proof of Concept: https://ibb.co/nLTbftm
Impact: The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies...

Exploits: 0 | References: 1
Tenable Nessus | added 2021/09/27 12:00 a.m. | 41 views

Oracle Linux 8 : nodejs:14 (ELSA-2021-3666)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3666 advisory.
- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
- Resolves...

CVSS 9.8 | AI score 7.1 | EPSS 0.37286
Exploits: 7 | References: 9
Huntr | added 2021/09/26 9:33 p.m. | 31 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in khodakhah/nodcms

Description: Implement both the Secure flag and the HttpOnly flag in the application.
Proof of Concept:
Impact: The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from bein...

Exploits: 0 | References: 1
Huntr | added 2021/09/26 9:25 p.m. | 7 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in jonschoning/espial

Description: Implement both the Secure flag and the HttpOnly flag in the application.
Proof of Concept:
Impact: The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from bein...

AI score 6.9
Exploits: 0 | References: 1
Huntr | added 2021/09/26 7:09 p.m. | 20 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in kcal-app/kcal

Description: Implement both the Secure flag and the HttpOnly flag in the application.
Proof of Concept:
Impact: The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from bein...

AI score 6.9
Exploits: 0 | References: 1
IBM Security Bulletins | added 2021/09/22 5:37 p.m. | 37 views

Security Bulletin: Cacheable HTTPS Response vulnerability affects IBM Edge (CVE-2020-4809)

Summary: IBM Edge is affected by a cacheable HTTPS response vulnerability. IBM Edge has resolved the vulnerability.
Vulnerability Details: CVEID: CVE-2020-4809. DESCRIPTION: IBM Edge allows web pages to be stored locally, which can be read by another user on the system. CVSS Base score: 4. CVSS Tempor...

CVSS 4 | AI score 1.2 | EPSS 0.00241
Exploits: 0 | Affected Software: 1
Packet Storm | added 2021/09/22 12:00 a.m. | 196 views

e107 CMS 2.3.0 Shell Upload

Exploit Title: e107 CMS 2.3.0 - Remote Code Execution (RCE) (Authenticated)
Date: 21-09-2021
Exploit Author: Halit AKAYDIN (hLtAkydn)
Vendor Homepage: https://e107.org/
Software Link: https://e107.org/download
Version: 2.3.0
Category: Webapps
Tested on: Linux/Windows
e107 is a free website content...

AI score 7.4
Exploits: 0
OpenVAS | added 2021/09/22 12:00 a.m. | 30 views

Fedora: Security Advisory for curl (FEDORA-2021-c5584b92d4)

The remote host is missing an update for the
Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.1 | AI score 6.8 | EPSS 0.0627
Exploits: 7 | References: 2
Fedora | added 2021/09/21 3:33 p.m. | 58 views

[SECURITY] Fedora 34 Update: curl-7.76.1-12.fc34

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 9.1 | AI score 7.4 | EPSS 0.0627
Exploits: 7
Huntr | added 2021/09/18 11:19 a.m. | 6 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in spiral-project/ihatemoney

Description: Secure flag is not implemented on the application.
Proof of Concept: https://drive.google.com/file/d/10p4ejCFsLA6LO32nPNTRKqZjlqVHVpUf/view?usp=sharing
Impact: The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP...

Exploits: 0 | References: 1
NVD | added 2021/09/17 8:15 p.m. | 15 views

CVE-2021-38412

Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to...

CVSS 9.8 | EPSS 0.01261
Exploits: 0 | References: 1
Prion | added 2021/09/17 8:15 p.m. | 21 views

Authentication flaw

Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to...

CVSS 7.5 | AI score 9.5 | EPSS 0.01261
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist | added 2021/09/17 7:07 p.m. | 18 views

CVE-2021-38412 Digi PortServer TS 16 Improper Authentication

Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to...

CVSS 9.6 | AI score 9.7 | EPSS 0.01261
Exploits: 0 | References: 1
GithubExploit | added 2021/09/16 8:33 a.m. | 65 views

Exploit for CVE-2021-38647

cve-2021-38647 A PoC exploit for CVE-2021-38647 RCE in OMI. E...

CVSS 9.8 | AI score 7.8 | EPSS 0.99723
Exploits: 19
Huntr | added 2021/09/16 3:58 a.m. | 14 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ledgersmb/ledgersmb

Description: Secure flag is not implemented on the application.
Proof of Concept: https://drive.google.com/file/d/1ESnBKwFef8D42A2VD3W59vXMLdWhCxS9/view?usp=sharing
Impact: The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP...

CVSS 4 | EPSS 0.00941
Exploits: 1 | References: 1
Filippo.io | added 2021/09/15 10:00 p.m. | 19 views

Automatic Cipher Suite Ordering in crypto/tls

This is the first article I wrote for the Go blog, about how TLS cipher suite configuration got so complicated, and how we've made it way easier in Go 1.17. The Go standard library provides crypto/tls, a robust implementation of Transport Layer Security (TLS), the most important security protocol...

AI score 6.4
Exploits: 0
Huntr | added 2021/09/15 6:45 a.m. | 10 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in babybuddy/babybuddy

Description: Secure flag is not implemented on the application.
Proof of Concept: https://drive.google.com/file/d/1zWCQRRZl42kEbqrs0QS4hXyUdjnBRf/view
Impact: The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The...

Exploits: 0 | References: 1
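The Huntr entries on this page all report the same class of weakness: a session cookie set over HTTPS without the Secure attribute, and in several cases without HttpOnly either. The following Python is an added example, not code from Huntr or from any of the projects listed above. It parses Set-Cookie header values and reports the attributes a reviewer would check for that finding, and goes a little beyond the entries by also covering SameSite=None and the __Secure-/__Host- cookie name prefixes. The header values in SAMPLE_HEADERS are constructed for the example, not captured from any real application.

```python
"""Audit Set-Cookie headers for the Secure and HttpOnly attributes.

Added example; not code from Huntr or from any project listed on this page.
The sample header values below are constructed for the example.
"""
from dataclasses import dataclass, field

# Finding codes and the reason a reviewer would report them.
REASONS = {
    "missing-secure": "no Secure attribute: a browser will also send this cookie over plaintext HTTP",
    "missing-httponly": "no HttpOnly attribute: readable from script via document.cookie",
    "samesite-none-without-secure": "SameSite=None without Secure: modern browsers reject the cookie",
    "secure-prefix-violation": "__Secure- prefix requires the Secure attribute",
    "host-prefix-violation": "__Host- prefix requires Secure, Path=/ and no Domain attribute",
}


@dataclass
class CookieReport:
    name: str
    value: str
    attrs: dict = field(default_factory=dict)   # lower-cased attribute -> value or True
    findings: list = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieReport:
    """Split one Set-Cookie value into name=value and its attributes.

    Attribute names are case-insensitive (RFC 6265); flag attributes such as
    Secure and HttpOnly carry no value and are stored as True.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    report = CookieReport(name=name.strip(), value=value.strip())
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        report.attrs[key.strip().lower()] = val.strip() if val else True
    return report


def audit_set_cookie(header: str, https: bool = True) -> CookieReport:
    """Return the parsed cookie with a list of finding codes (empty if clean).

    `https` says whether the response was served over TLS; only then is a
    missing Secure attribute reported, since Secure is meaningless on plain HTTP.
    """
    report = parse_set_cookie(header)
    attrs = report.attrs
    secure = "secure" in attrs
    if https and not secure:
        report.findings.append("missing-secure")
    if "httponly" not in attrs:
        report.findings.append("missing-httponly")
    samesite = attrs.get("samesite")
    if isinstance(samesite, str) and samesite.lower() == "none" and not secure:
        report.findings.append("samesite-none-without-secure")
    if report.name.startswith("__Secure-") and not secure:
        report.findings.append("secure-prefix-violation")
    if report.name.startswith("__Host-") and (
        not secure or attrs.get("path") != "/" or "domain" in attrs
    ):
        report.findings.append("host-prefix-violation")
    return report


def audit_headers(headers, https: bool = True) -> dict:
    """Audit every Set-Cookie value in a response; map cookie name -> finding codes."""
    return {r.name: r.findings for r in (audit_set_cookie(h, https) for h in headers)}


# Constructed sample Set-Cookie values, not captured from any real application.
SAMPLE_HEADERS = [
    "PHPSESSID=abc123; Path=/; HttpOnly",                    # the Huntr finding: no Secure
    "session=xyz; Path=/; Secure; HttpOnly; SameSite=Lax",    # clean
    "tracker=1; SameSite=None",                              # browsers will drop this
    "__Host-id=42; Secure; Path=/; Domain=example.com",       # Domain breaks the prefix rule
]

if __name__ == "__main__":
    for name, codes in audit_headers(SAMPLE_HEADERS).items():
        status = "OK" if not codes else "; ".join(REASONS[c] for c in codes)
        print(f"{name}: {status}")
```

In practice you would feed `audit_headers` the list of Set-Cookie values from a captured HTTPS response (`response.headers.get_all("Set-Cookie")` in `http.client`, or the raw headers from a proxy log). The `https` switch matters for triage: a cookie without Secure on a plain-HTTP test instance is not a finding, but the same cookie served over TLS is exactly what the Huntr reports describe.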
ArchLinux | added 2021/09/14 12:00 a.m. | 37 views

[ASA-202109-2] firefox: multiple issues

Arch Linux Security Advisory ASA-202109-2
Severity: High
Date: 2021-09-14
CVE-ID: CVE-2021-38491 CVE-2021-38494
Package: firefox
Type: multiple issues
Remote: Yes
Link: https://security.archlinux.org/AVG-2350
Summary: The package firefox befo...

CVSS 8.8 | AI score 1.2 | EPSS 0.00852
Exploits: 0 | References: 6
Tenable Nessus | added 2021/09/13 12:00 a.m. | 80 views

Dell Client BIOS Multiple Vulnerabilities (DSA-2021-106)

According to its self-reported version, Dell BIOS is affected by multiple vulnerabilities.
- The Dell UEFI BIOS HTTPS stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit th...

CVSS 7.5 | AI score 7.8 | EPSS 0.00626
Exploits: 0 | References: 5
Palo Alto Networks | added 2021/09/08 4:00 p.m. | 63 views

PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188)

A buffer overflow vulnerability in the Telnet-based administrative management service included with PAN-OS software allows remote attackers to execute arbitrary code. The Telnet-based administrative management service is disabled by default and this issue is not exploitable if this service is...

CVSS 9.8 | AI score 2.2 | EPSS 0.74513
Exploits: 2 | References: 1