
47 matches found

Prion
added 2019/11/28 5:15 p.m. | 17 views

Cross site request forgery (csrf)

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8...

CVSS 4.3 | AI score 5.3 | EPSS 0.00421
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2019/11/22 4:15 p.m. | 16 views

Authorization

IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185...

CVSS 4.3 | AI score 3.6 | EPSS 0.00477
Exploits: 0 | References: 2 | Affected Software: 1
Qualys Blog
added 2019/01/10 5:0 p.m. | 75 views

Detecting Insecure Cookies with Qualys Web Application Scanning

Cookies are ubiquitous in today's modern web applications. If an attacker can acquire a user's session cookie by exploiting a cross-site scripting (XSS) vulnerability, by sniffing an unencrypted HTTP connection, or by some other means, then they can potentially hijack a user's valid session...

AI score 0.1
Exploits: 0
CVE
added 2018/08/06 2:0 p.m. | 54 views

CVE-2017-1368

CVE-2017-1368 affects IBM Security Identity Governance Virtual Appliance 5.2–5.2.3.2, where authorization tokens and session cookies are not marked Secure. This allows cookie values to be exposed when users click http:// links or visit sites that load the links, enabling cookie snooping. Root cau...

CVSS 6.5 | AI score 6.2 | EPSS 0.01278
Exploits: 0 | References: 2 | Affected Software: 1
Exploit DB
added 2018/01/11 12:0 a.m. | 43 views

Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation

Windows: NtImpersonateAnonymousToken LPAC to Non-LPAC EoP Platform: Windows 10 1703 and 1709 not tested Windows 8.x Class: Elevation of Privilege Summary: When impersonating the anonymous token in an LPAC the WIN://NOAPPALLPKG security attribute is ignored leading to impersonating a non-LPAC toke...

AI score 7.4
Exploits: 0
exploitpack
added 2018/01/11 12:0 a.m. | 15 views

Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation

Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation Windows: NtImpersonateAnonymousToken LPAC to Non-LPAC EoP Platform: Windows 10 1703 and 1709 not tested Windows 8.x Class: Elevation of Privilege Summary: When impersonating the anonymous token in an LPAC the...

AI score 0.1
Exploits: 0
Vulnerability Lab
added 2015/01/14 12:0 a.m. | 38 views

Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability

Document Title: Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability. References (Source): http://vulnerability-lab.com/getcontent.php?id=1356. Release Date: 2015-01-14. Vulnerability Laboratory ID (VL-ID): 13...

AI score 7.1
Exploits: 0