CWE:

Nothing found in the WLB2 database

Common Weakness Enumeration (CWE)

CVE
Details
Description
2024-10-15
CVE-2024-9970

The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie.

 
2024-04-18
CVE-2024-21872

The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allow more critical operations on the transmitter.

 
CVE-2024-22186

The application suffers from a privilege escalation vulnerability. An attacker logged in as guest can escalate their privileges to administrator by poisoning the cookie.

 
2023-09-18
CVE-2023-41084

** UNSUPPORTED WHEN ASSIGNED ** Session management within the web application is incorrect and allows attackers to steal session cookies and perform any of the actions that the web app allows on the device.

 
2022-06-29
Low
CVE-2021-40642

Vendor: Textpattern
Software: Textpattern
 

 
Textpattern CMS v4.8.7 and older are affected by a Sensitive Cookie in HTTPS Session Without 'Secure' Attribute weakness in textpattern/lib/txplib_misc.php. The secure flag is not set for the txp_login session cookie. Without the secure flag, the cookie is transmitted in clear text if the user visits any HTTP URL within the cookie's scope. An attacker may be able to induce this by feeding the user suitable links, either directly or via another website.

 
2022-06-09
Medium
CVE-2016-15002

Vendor: Ideracorp
Software: Webyog monyo...
 

 
A vulnerability classified as critical was found in MONyog Ultimate 6.63. It affects an unknown part of the Cookie Handler component. Manipulation of the HasServerEdit/IsAdmin argument leads to privilege escalation. The attack can be initiated remotely.

 
2022-02-16
High
CVE-2021-46388

WAGO 750-8212 PFC200 G2 2ETH RS firmware version 03.05.10(17) is affected by a privilege escalation vulnerability. Improper handling of user cookies allows escalation to the administrative account of the router.

 
2021-09-27
Medium
CVE-2021-3818

Vendor: Getgrav
Software: GRAV
 

 
Grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking.

 
2021-05-19
Low
CVE-2021-29624

Vendor: Fastify
Software: Fastify-csrf
 

 
fastify-csrf is an open-source plugin that helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 use a "double submit" cookie mechanism that does not protect an application deployed across multiple subdomains, e.g. a "heroku"-style platform as a service. Version 3.1.0 of fastify-csrf fixes the vulnerability. Users of the module need to supply a `userInfo` when generating the CSRF token to fully implement the protection on their end. This is needed only for applications hosted on different subdomains.

 
2021-04-02
Medium
CVE-2021-29012

Vendor: Dmasoftlab
Software: Dma radius m...
 

 
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus provides permanent access if stolen.

 

 


Copyright 2024, cxsecurity.com