805 matches found
Moxa PT-G503 Series Sensitive Cookie Not Properly Secured (CVE-2023-4217)
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. This...
MOXA PT-G503 Unauthorized Access Vulnerability
MOXA PT-G503 is a series of Layer 2 managed switches from MOXA China. The MOXA PT-G503 unauthorized access vulnerability can be exploited by a remote attacker to submit a special request that can be used to gain unauthorized access to and manipulate user session data...
CVE-2023-5035
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks,...
CVE-2023-4217
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation...
Node.js: HTTP Request Smuggling via Content Length Obfuscation
The team identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers could lead to HTTP request smuggling. Specifically, if a space was placed before a content-length header, it was not interpreted correctly, enabling attackers to smuggle in ...
CVE-2023-5035 Cookie Without Secure Flag
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks,...
CVE-2023-5035
CVE-2023-5035 affects the Moxa PT-G503 Series firmware prior to v5.2. The root cause is that the Secure attribute for sensitive cookies in HTTPS sessions is not set, which can allow cookies to be transmitted in plaintext over an HTTP session. Potential impact includes exposure/manipulation of use...
MOXA PT-G503 Security Vulnerability
MOXA PT-G503 is a series of Layer 2 managed switches from MOXA China. The MOXA PT-G503 unauthorized access vulnerability can be exploited by a remote attacker to submit a special request that can be used to gain unauthorized access to and manipulate user session data...
CVE-2023-29463
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and/or log users out of their session...
Authentication flaw
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and/or log users out of their session...
CVE-2023-29463 Pavilion8 Security Misconfiguration Vulnerability
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and/or log users out of their session...
CVE-2023-29463
The CVE-2023-29463 issue affects Rockwell Automation Pavilion8: the JMX Console is publicly accessible and requires no authentication, enabling a malicious user to retrieve other users’ session data or log them out. Affected product: Pavilion8 (model predictive control software); affected version...
Moxa ioLogik 4000 Series Session Cookie Without HttpOnly Flag (CVE-2023-4228)
A vulnerability has been identified in ioLogik 4000 Series ioLogik E4200 firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized acce...
CVE-2023-4228
A vulnerability has been identified in ioLogik 4000 Series ioLogik E4200 firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized acce...
Information disclosure
A vulnerability has been identified in ioLogik 4000 Series ioLogik E4200 firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized acce...
CVE-2023-4228 ioLogik 4000 Series: Session Cookies Attribute Not Set Properly
A vulnerability has been identified in ioLogik 4000 Series ioLogik E4200 firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized acce...
CVE-2023-4228
CVE-2023-4228 affects ioLogik 4000 Series (ioLogik E4200) firmware v1.6 and earlier. The underlying issue is that session cookies are not configured with HttpOnly (and related attributes) as described across multiple sources, potentially allowing unauthorized access to session data. Public disclo...
MOXA ioLogik 4000 Series Security Vulnerability
MOXA ioLogik 4000 Series is a series of general-purpose controllers from China-based MOXA. A security vulnerability exists in MOXA ioLogik 4000 Series v1.6 and earlier versions, which stems from the session cookie attribute not being set correctly, potentially allowing user session data to be...
PT-2023-17324 · Atlas Copco · Atlas Copco Power Focus 6000
Name of the Vulnerable Software and Affected Versions: Atlas Copco Power Focus 6000 affected versions not specified Description: The issue concerns the Atlas Copco Power Focus 6000 web server, which utilizes a limited number of session ID numbers. This could allow an attacker to guess or enter a...