47 matches found
Cross site request forgery (csrf)
In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8...
Authorization
IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185...
Detecting Insecure Cookies with Qualys Web Application Scanning
Cookies are ubiquitous in today's modern web applications. If an attacker can acquire a user's session cookie by exploiting a cross-site scripting XSS vulnerability, by sniffing an unencrypted HTTP connection, or by some other means, then they can potentially hijack a user's valid session...
CVE-2017-1368
CVE-2017-1368 affects IBM Security Identity Governance Virtual Appliance 5.2–5.2.3.2, where authorization tokens and session cookies are not marked Secure. This allows cookie values to be exposed when users click http:// links or visit sites that load the links, enabling cookie snooping. Root cau...
Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation
Windows: NtImpersonateAnonymousToken LPAC to Non-LPAC EoP Platform: Windows 10 1703 and 1709 not tested Windows 8.x Class: Elevation of Privilege Summary: When impersonating the anonymous token in an LPAC the WIN://NOAPPALLPKG security attribute is ignored leading to impersonating a non-LPAC toke...
Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation
Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation Windows: NtImpersonateAnonymousToken LPAC to Non-LPAC EoP Platform: Windows 10 1703 and 1709 not tested Windows 8.x Class: Elevation of Privilege Summary: When impersonating the anonymous token in an LPAC the...
Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability
Document Title: =============== Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1356 Release Date: ============= 2015-01-14 Vulnerability Laboratory ID VL-ID: ==================================== 13...