809 matches found
PT-2023-32730 · Phpems · Phpems
Name of the Vulnerable Software and Affected Versions: PHPEMS versions 6.x through 9.0. Description: A critical vulnerability was found in the library lib/session.cls.php of the component Session Data Handler, affecting an unknown functionality. The manipulation leads to deserialization and can be...
CVE-2023-46326
ZStack Cloud version 3.10.38 and before allows unauthenticated API access to the list of active job UUIDs and the session ID for each of these. This leads to privilege escalation...
PT-2023-27377 · Opennms · Opennms Horizon +1
Name of the Vulnerable Software and Affected Versions: OpenNMS Meridian versions prior to 2023.1.9; OpenNMS Horizon versions prior to 32.0.5. Description: Cross-site scripting in bootstrap.jsp allows an attacker access to confidential session information. The installation instructions for Meridian...
Opennms Group OpenNMS Cross-Site Scripting Vulnerability
Opennms Group OpenNMS is an open source, enterprise-grade network monitoring and network management platform from US-based Opennms Group. OpenNMS suffers from a cross-site scripting vulnerability in the source bootstrap.jsp parameter that allows an attacker to access confidential session...
Moxa PT-G503 Series Sensitive Cookie Not Properly Secured (CVE-2023-4217)
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. This...
MOXA PT-G503 Unauthorized Access Vulnerability
MOXA PT-G503 is a series of Layer 2 managed switches from MOXA China. The MOXA PT-G503 unauthorized access vulnerability can be exploited by a remote attacker to submit a special request that can be used to gain unauthorized access to and manipulate user session data...
CVE-2023-4217
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation...
CVE-2023-5035
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks,...
Node.js: HTTP Request Smuggling via Content Length Obfuscation
The team identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers could lead to HTTP request smuggling. Specifically, if a space was placed before a content-length header, it was not interpreted correctly, enabling attackers to smuggle in ...
CVE-2023-5035 Cookie Without Secure Flag
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks,...
CVE-2023-5035
CVE-2023-5035 affects the Moxa PT-G503 Series firmware prior to v5.2. The root cause is that the Secure attribute for sensitive cookies in HTTPS sessions is not set, which can allow cookies to be transmitted in plaintext over an HTTP session. Potential impact includes exposure/manipulation of use...
MOXA PT-G503 Security Vulnerability
MOXA PT-G503 is a series of Layer 2 managed switches from MOXA China. The MOXA PT-G503 unauthorized access vulnerability can be exploited by a remote attacker to submit a special request that can be used to gain unauthorized access to and manipulate user session data...
CVE-2023-29463
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and/or log users out of their session...
Authentication flaw
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and/or log users out of their session...
CVE-2023-29463
The CVE-2023-29463 issue affects Rockwell Automation Pavilion8: the JMX Console is publicly accessible and requires no authentication, enabling a malicious user to retrieve other users’ session data or log them out. Affected product: Pavilion8 (model predictive control software); affected version...
CVE-2023-29463 Pavilion8 Security Misconfiguration Vulnerability
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and/or log users out of their session...
Moxa ioLogik 4000 Series Session Cookie Without HttpOnly Flag (CVE-2023-4228)
A vulnerability has been identified in ioLogik 4000 Series ioLogik E4200 firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized acce...
CVE-2023-4228
A vulnerability has been identified in ioLogik 4000 Series ioLogik E4200 firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized acce...
Information disclosure
A vulnerability has been identified in ioLogik 4000 Series ioLogik E4200 firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized acce...