Total: 69 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-4305 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.3 Medium |
| IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951. | ||||
| CVE-2019-17104 | 1 Centreon | 1 Centreon Vm | 2024-11-21 | 7.5 High |
| In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. | ||||
| CVE-2018-5455 | 1 Moxa | 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more | 2024-11-21 | N/A |
| A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions. | ||||
| CVE-2018-5190 | 1 Picturespro | 1 Picturespro | 2024-11-21 | N/A |
| PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page.php. | ||||
| CVE-2018-20512 | 1 Cdatatec | 22 Epon Cpe-wifi Devices Firmware, Fd108bn, Fd111hz and 19 more | 2024-11-21 | N/A |
| EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies. | ||||
| CVE-2018-19224 | 1 Laobancms | 1 Laobancms | 2024-11-21 | N/A |
| An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies. | ||||
| CVE-2012-5631 | 1 Freeipa | 1 Freeipa | 2024-11-21 | 8.8 High |
| ipa 3.0 does not properly check server identity before sending credential-containing cookies. | ||||
| CVE-2024-9820 | 1 Dueclic | 1 Wp 2fa With Telegram | 2024-10-19 | 6.5 Medium |
| The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication. | ||||
| CVE-2024-9970 | 2 New Type, Newtype | 2 Flowmaster Bpm Plus, Flowmaster Bpm Plus | 2024-10-17 | 8.8 High |
| The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie. | ||||