CyberSecurityBoard
Sponsor Register Login

CVE-2004-0871

Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

Publication date: Thu, 16 Sep 2004 09:00:00 +0000


Cyber News related to CVE-2004-0871

CVE-2004-0871 - Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka ...
7 years ago
CVE-2004-1159 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-1122, CVE-2004-1314. Reason: this was an out-of-band assignment duplicate intended for one issue, but the description and references inadvertently combined multiple issues. ...
55 years ago Tenable.com
CVE-2004-0868 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0866. Reason: This candidate is a duplicate of CVE-2004-0866. Notes: The description for CVE-2004-0866 was inadvertently attached to this issue instead. All CVE users should ...
55 years ago Tenable.com
CVE-2019-0868 - A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This ...
5 years ago
CVE-2019-0867 - A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This ...
5 years ago
CVE-2019-0870 - A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This ...
5 years ago
CVE-2019-0866 - A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This ...
5 years ago
CVE-2019-0871 - A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This ...
5 years ago
CVE-2018-0871 - An information disclosure vulnerability exists when Edge improperly marks files, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8234. ...
6 years ago
CVE-2018-8234 - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0871. ...
6 years ago
CVE-2006-0871 - Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been ...
14 years ago
CVE-2012-0871 - The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/. ...
3 years ago
CVE-2003-0871 - Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system." ...
16 years ago
CVE-2010-0871 - Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors. ...
12 years ago
CVE-2015-0871 - Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
10 years ago
CVE-2016-0871 - Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request. ...
8 years ago
CVE-2002-0871 - xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe. ...
8 years ago
CVE-2005-0871 - calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message. ...
7 years ago
CVE-2009-4353 - The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors ...
7 years ago
CVE-2009-4352 - Multiple cross-site scripting (XSS) vulnerabilities in TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0939, allow remote attackers to inject arbitrary web script or HTML via the (1) From, ...
7 years ago
CVE-2009-4354 - TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions. ...
7 years ago
CVE-2000-0871 - Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server. ...
7 years ago
CVE-2001-0871 - Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name ...
7 years ago
CVE-2014-0871 - RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ ...
6 years ago
CVE-2009-0871 - The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of ...
6 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)