
317 matches found

Atlassian
added 2012/09/05 11:5 a.m., 20 views

Provide HTTP headers for the content that absolutely must not be cached on the client

NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion (http://jira.atlassian.com/browse/JRASERVER-29598). We have to provide the following HTTP headers in all responses containing sensitive content: Cache-control: no-store Pragma:...

1.8 AI score
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2012/01/10 12:0 a.m., 27 views

Cisco Web Cache Control Protocol Router Vulnerability

The Web Cache Control Protocol (WCCP), available on Cisco devices, does not provide any authentication. A router configured to support Cache Engines will treat any host that sends it valid WCCP hello packets as a cache engine, and may divert HTTP traffic to that host. If a router is configured to u...

7.5 CVSS, 5.5 AI score, 0.00871 EPSS
Exploits: 0, References: 2
Packet Storm
added 2011/11/17 12:0 a.m., 33 views

V-CMS 1.0 Shell Upload

Software: V-CMS 1.0
Vulnerability: Arbitrary Upload
Threat Level: Very Critical 5/5
Download: http://v-cms.org/
Discovery Date: 11/13/2011
Tested On: Window...

7.4 AI score
Exploits: 0
exploitpack
added 2011/01/07 12:0 a.m., 19 views

openSite 0.2.2 Beta - Local File Inclusion

opensite-v0.2.2-beta: Local File Include vuln. By n0n0x. Homepage: http://priasantai.uni.cc/ Download script: http://sourceforge.net/projects/contentone/files/openSite/opensite-v0.2.2-beta/opensite-v0.2.2-beta.zip/download...

7.4 AI score
Exploits: 0
Packet Storm
added 2011/01/07 12:0 a.m., 32 views

openSite 0.2.2 Beta Local File Inclusion

opensite-v0.2.2-beta: Local File Include vuln. By n0n0x. Homepage: http://priasantai.uni.cc/ Download script: http://sourceforge.net/projects/contentone/files/openSite/opensite-v0.2.2-beta/opensite-v0.2.2-beta.zip/download xpl :...

7.4 AI score
Exploits: 0
RedHat Linux
added 2010/08/04 9:30 p.m., 4 views

httpd mod_cache segfault

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale...

5 CVSS, 7.3 AI score, 0.27987 EPSS
Exploits: 0, References: 4
seebug.org
added 2010/07/29 12:0 a.m., 18 views

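MediaWiki api.php Script Information Disclosure Vulnerability

BUGTRAQ ID: 42019 MediaWiki is a well-known wiki program that runs in a PHP+MySQL environment. MediaWiki's api.php script does not correctly enforce Cache-Control headers on cached data; a remote attacker can request confidential data through public cache headers, including article titles and content, the content of deleted articles, user e-mail addresses, or watchlists. A successful attack requires that the attacker be able to use the same HTTP proxy server as the victim user. MediaWiki 1.8 - 1.15.4 Vendor patch: MediaWiki --------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...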

6.9 AI score
Exploits: 0
Tenable Nessus
added 2010/02/24 12:0 a.m., 30 views

Debian DSA-2002-1 : polipo - denial of service

Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2009-3305 A malicious remote server could cause polipo to crash by sending an invalid Cache-Control heade...

10 CVSS, 5 AI score, 0.12414 EPSS
Exploits: 1, References: 7
Prion
added 2009/12/24 4:30 p.m., 20 views

Cross site request forgery (csrf)

Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other...

5 CVSS, 6.9 AI score, 0.11718 EPSS
Exploits: 0, References: 6, Affected Software: 1
seebug.org
added 2009/12/24 12:0 a.m., 16 views

SOFT64 PHP Whois XSS Vulnerability

No description provided by source. Exploit Title: SOFT64 PHP Whois XSS Vulnerability Date: 24/12/2009 Author: bi0 Software Link: http://blog.soft64download.com/files/ajax-whois.rar ...

7.1 AI score
Exploits: 0
securityvulns
added 2009/09/02 12:0 a.m., 41 views

Network Appliance NetCache DoS

Error on Cache-Control: prefetch processing...

2.6 AI score
Exploits: 0, References: 1, Affected Software: 1
Tenable Nessus
added 2009/07/21 12:0 a.m., 33 views

openSUSE Security Update : MozillaFirefox (MozillaFirefox-509)

The Mozilla Firefox browser is updated to version 3.0.6 fixing various security and stability issues. MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these...

10 CVSS, 8.9 AI score, 0.08533 EPSS
Exploits: 1, References: 8
Tenable Nessus
added 2009/07/21 12:0 a.m., 25 views

openSUSE Security Update : MozillaFirefox (MozillaFirefox-509)

The Mozilla Firefox browser is updated to version 3.0.6 fixing various security and stability issues. MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these...

10 CVSS, 8.9 AI score, 0.08533 EPSS
Exploits: 1, References: 8
Tenable Nessus
added 2009/04/23 12:0 a.m., 42 views

Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-717-1)

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2009-0352, CVE-2009-0353 A flaw was discovered in the JavaScript engine. An attacker could bypass the same-origin policy i...

10 CVSS, 8.8 AI score, 0.08533 EPSS
Exploits: 0, References: 7
Ubuntu
added 2009/02/10 11:13 p.m., 64 views

USN-717-1: Firefox and Xulrunner vulnerabilities

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2009-0352, CVE-2009-0353 A flaw was discovered in the JavaScript engine. An attacker could bypass the same-origin policy i...

10 CVSS, 8.8 AI score, 0.08533 EPSS
Exploits: 0
securityvulns
added 2009/02/05 12:0 a.m., 70 views

Mozilla Foundation Security Advisory 2009-06

Mozilla Foundation Security Advisory 2009-06 Title: Directives to not cache pages ignored Impact: Low Announced: February 3, 2009 Reporter: Paul Nel Products: Firefox Fixed in: Firefox 3.0.6 Description Paul Nel reported that certain HTTP directives to not cache web pages, Cache-Control: no-store...

3.3 CVSS, 0.00192 EPSS
Exploits: 0
UbuntuCve
added 2009/02/04 7:30 p.m., 27 views

CVE-2009-0358

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an...

3.3 CVSS, 7.2 AI score, 0.00192 EPSS
Exploits: 0, References: 2
NVD
added 2009/02/04 7:30 p.m., 13 views

CVE-2009-0358

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an...

3.3 CVSS, 5.5 AI score, 0.00192 EPSS
Exploits: 0, References: 19
Cvelist
added 2009/02/04 7:0 p.m., 20 views

CVE-2009-0358

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an...

8.7 AI score, 0.00192 EPSS
Exploits: 0, References: 19
RedHat Linux
added 2009/02/04 8:59 a.m., 1 views

Firefox directives to not cache pages ignored

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an...

3.3 CVSS, 7.4 AI score, 0.00192 EPSS
Exploits: 0, References: 4