11 matches found
nsupdate.info Security Vulnerability
nsupdate.info is a free, open source dynamic DNS service developed by the nsupdate.info project. A security vulnerability exists in nsupdate.info, which stems from mishandling of the parameter CSRF_COOKIE_HTTPONLY and results in a cookie without the "httponly" flag...
CVE-2021-42115
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session-independent and static cookie...
CVE-2021-42115
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session-independent and static cookie...
Design/Logic Flaw
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session-independent and static...
CVE-2021-42115 Missing HTTPOnly flag on sensitive cookie in TopEase
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session-independent and static cookie...
Design/Logic Flaw
adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag...
BTCPay Server Information Disclosure Vulnerability
BTCPay Server is a self-hosted open source cryptocurrency payment processor. It is secure, private, uncensored and free. A cross-site scripting vulnerability exists in BTCPay Server 1.0.7.0 and earlier versions. The vulnerability stems from a failure to set the HTTPOnly flag for cookies. An...
Fastify Fastify-csrf Cross-Site Request Forgery Vulnerability
Fastify-csrf is a JavaScript-based plugin from the Fastify community that provides CSRF protection for Fastify. A security vulnerability exists in fastify-csrf before 3.0.0 due to an insecure default value being used in the generated cookie, no httpOnly, and CSRF tokens being available in t...
CVE-2012-0718
IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies...
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to session hijacking. (CVE-2015-1994)
Summary: IBM QRadar Incident Forensics authorization cookie is missing the httponly attribute. Vulnerability Details: CVE-ID: CVE-2015-1994. Description: IBM QRadar Incident Forensics could allow a remote attacker to obtain sensitive information, caused by the failure to set the httponly attribute f...
QNAP QTS < 4.2.4 Build 20170313 Multiple Vulnerabilities - Active Check
QNAP QTS web user interface is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/o:qnap:qts";...