
6 matches found

Positive Technologies
added 6 days ago, 11 views

PT-2026-53666

Name of the Vulnerable Software and Affected Versions: Pinpoint versions prior to 3.1.1. Description: Insecure session management occurs because the pinpointJwt session cookie lacks HttpOnly and Secure attributes. This allows the cookie to be accessed via JavaScript through document.cookie and...

CVSS: 7.6, AI score: 5.8, EPSS: 0.00126
Exploits: 0, References: 7
Veracode
added 2023/10/06 7:41 a.m., 18 views

Insecure Session Cookie Handling

quarkus-oidc is vulnerable to Insecure OIDC Session Cookie Handling. The vulnerability exists because the library does not properly encrypt the OIDC session cookie value by default which leads to the leakage of both ID and access tokens in the authorization code flow when an insecure HTTP protoco...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00963
Exploits: 0, References: 9, Affected Software: 1
OpenVAS
added 2023/06/19 12:0 a.m., 27 views

Synology Router Manager (SRM) 1.2.x Multiple Vulnerabilities (Synology-SA-20:14)

Synology Router Manager SRM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 10, AI score: 6.8, EPSS: 0.04625
Exploits: 7, References: 1
Veracode
added 2020/08/21 2:10 a.m., 25 views

Insecure Session Cookie

cups uses an easy-to-guess session cookie. This allows an attacker to guess the cookie value and gain access to the web interface...

CVSS: 5.9, AI score: 4, EPSS: 0.01841
Exploits: 1, References: 6, Affected Software: 1
Prion
added 2017/02/01 8:59 p.m., 14 views

Design/Logic Flaw

IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture...

CVSS: 5, AI score: 6.6, EPSS: 0.01688
Exploits: 0, References: 2, Affected Software: 1
Exploit DB
added 2003/06/06 12:0 a.m., 22 views

Maxwebportal 1.30 - Remote Database Disclosure

source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site scripting vulnerability. An attacker may execute arbitrary scri...

AI score: 7.4
Exploits: 0