CWE:
Sorry. No results for Bugtraq WLB2
CVEMAP Search Results
CVE
Details
Description
2024-10-15
CVE-2024-9970
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie.
2024-04-18
CVE-2024-21872
The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allow more critical operations to the transmitter.
CVE-2024-22186
The application suffers from a privilege escalation vulnerability. An attacker logged in as guest can escalate his privileges by poisoning the cookie to become administrator.
2023-09-18
CVE-2023-41084
** UNSUPPORTED WHEN ASSIGNED ** Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.
2022-06-29
Low
CVE-2021-40642
Vendor:
Textpattern
Software:
Textpattern
A vulnerability exists in Textpattern CMS v4.8.7 and older through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for the txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
2022-06-09
Medium
CVE-2016-15002
Vendor:
Ideracorp
Software:
Webyog monyo...
A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely.
2022-02-16
High
CVE-2021-46388
WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affected by a privilege escalation vulnerability. Improper handling of user cookies leads to escalating privileges to the administrative account of the router.
2021-09-27
Medium
CVE-2021-3818
Vendor:
Getgrav
Software:
GRAV
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking.
2021-05-19
Low
CVE-2021-29624
Vendor:
Fastify
Software:
Fastify-csrf
fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service. Version 3.1.0 of fastify-csrf fixes the vulnerability. The user of the module would need to supply a `userInfo` when generating the CSRF token to fully implement the protection on their end. This is needed only for applications hosted on different subdomains.
2021-04-02
Medium
CVE-2021-29012
Vendor:
Dmasoftlab
Software:
Dma radius m...
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus provides permanent access if stolen.
Copyright 2024, cxsecurity.com