Vulnerabilities > Reliance on Cookies without Validation and Integrity Checking
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-03 | CVE-2018-20512 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Cdatatec Epon Cpe-Wifi Devices Firmware 2.0.4X000 EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies. | 10.0 |
| 2018-11-12 | CVE-2018-19224 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Laobancms 2.0 An issue was discovered in LAOBANCMS 2.0. | 5.0 |
| 2018-04-17 | CVE-2018-5190 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Picturespro 7.1.0 PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page.php. | 5.0 |
| 2017-07-17 | CVE-2017-8034 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Cloudfoundry Capi-Release, Cf-Release and Routing-Release The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. | 6.0 |
| 2017-04-12 | CVE-2017-7279 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Unitrends Enterprise Backup 7.3.0 An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login. | 10.0 |
| 2017-03-14 | CVE-2017-6896 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Digisol Dg-Hr1400 Router Firmware 1.00.02 Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value. | 6.5 |
| 2008-12-31 | CVE-2008-5784 | Reliance on Cookies without Validation and Integrity Checking vulnerability in V3Chat V3 Chat Profiles Dating Script 3.0.2 V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | 9.8 |