Total: 47 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20512 | 1 Cdatatec | 22 Epon Cpe-wifi Devices Firmware, Fd108bn, Fd111hz and 19 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies. | |||||
CVE-2018-5190 | 1 Picturespro | 1 Picturespro | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page.php. | |||||
CVE-2017-8034 | 1 Cloudfoundry | 3 Capi-release, Cf-release, Routing-release | 2024-02-28 | 6.0 MEDIUM | 6.6 MEDIUM |
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges. | |||||
CVE-2017-6896 | 1 Digisol | 2 Dg-hr1400 Router, Dg-hr1400 Router Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value. | |||||
CVE-2017-7279 | 1 Unitrends | 1 Enterprise Backup | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login. | |||||
CVE-2011-3887 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2024-02-28 | 5.0 MEDIUM | N/A |
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors. | |||||
CVE-2008-5784 | 1 V3chat | 1 V3 Chat Profiles Dating Script | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | |||||