Total: 69 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17104 | 1 Centreon | 1 Centreon Vm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. | |||||
| CVE-2018-5455 | 1 Moxa | 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions. | |||||
| CVE-2018-5190 | 1 Picturespro | 1 Picturespro | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page.php. | |||||
| CVE-2018-20512 | 1 Cdatatec | 22 Epon Cpe-wifi Devices Firmware, Fd108bn, Fd111hz and 19 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies. | |||||
| CVE-2018-19224 | 1 Laobancms | 1 Laobancms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies. | |||||
| CVE-2016-15002 | 1 Ideracorp | 1 Webyog Monyog Ultimate | 2024-11-21 | 6.5 MEDIUM | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely. | |||||
| CVE-2012-5631 | 1 Freeipa | 1 Freeipa | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ipa 3.0 does not properly check server identity before sending credential containing cookies | |||||
| CVE-2024-9820 | 1 Dueclic | 1 Wp 2fa With Telegram | 2024-10-19 | N/A | 6.5 MEDIUM |
| The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication. | |||||
| CVE-2024-9970 | 1 Newtype | 1 Flowmaster Bpm Plus | 2024-10-17 | N/A | 8.8 HIGH |
| The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie. | |||||
