183 matches found
CVE-2013-2850
Heap-based buffer overflow in the iscsiaddnotunderstoodresponse function in drivers/target/iscsi/iscsitargetparameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service memory corruption and OOPS or possibly execute arbitrary co...
Reflected xss in the jira-gadgets-plugin getLabelGroups rest resource
The jira-gadgets-plugin LabelsResource class exposes a getLabelGroups rest resource that is vulnerable to reflected xss through the user supplied 'project' path parameter. The vulnerability is caused by building an error response message with a content type of text/html and not html encoding the...
FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0)
CVE MITRE reports : An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...
Apache Httpd < 2.2.22 : error responses can expose cookies
A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified...
apache -- multiple vulnerabilities
CVE MITRE reports: An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...
CentOS Update for thunderbird CESA-2009:1126 centos5 i386
Check for the Version of thunderbird OpenVAS Vulnerability Test CentOS Update for thunderbird CESA-2009:1126 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
CVE-2011-2680
Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 has unknown impact and remote attack vectors related to the "server error response."...
CVE-2011-2680
CVE-2011-2680 affects IBM Rational DOORS Web Access 1.4.x before 1.4.0.4. The description is explicit that impact is unknown and that there are remote attack vectors related to the server error response. The NVD entry assigns a high base score (10.0) with network attack vector, no authentication,...
Cisco IPsec VPN Implementation Group Name Enumeration Information Disclosure Vulnerability
Multiple Cisco VPN devices contain a vulnerability that could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability exists due to unsafe handling of error response codes. An unauthenticated, remote attacker could exploit this vulnerability by sending...
CVE-2009-3563
ntprequest.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service CPU and bandwidth consumption by using MODEPRIVATE to send a spoofed 1 request or 2 response packet that triggers a continuous exchange of MODEPRIVATE error responses between two NTP daemon...
CVE-2008-2470
The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service memory corruption and browser crash and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response...
CVE-2008-0717
CVE-2008-0717 affects IBM WebSphere Edge Server’s Caching Proxy (CP) 5.1–6.1. When CGI mapping rules are enabled, it enables cross-site scripting by injecting arbitrary script/HTML that is reflected in an error response. The NVD entry lists a NETWORK attack vector with MEDIUM complexity, requirin...
CVE-2008-0717
Cross-site scripting XSS vulnerability in Caching Proxy CP 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response...
Code injection
SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a differen...
[SA13701] Bugzilla Internal Error Response Cross-Site Scripting
TITLE: Bugzilla Internal Error Response Cross-Site Scripting SECUNIA ADVISORY ID: SA13701 VERIFY ADVISORY: http://secunia.com/advisories/13701/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Bugzilla 2.x http://secunia.com/product/396/ DESCRIPTION: Michael Krax...
Microsoft IIS Cookie information disclosure
The remote host is running Microsoft IIS with what appears to be a a vulnerable disclosure of cookie usage. That is, when sent a Cookie with the '=' character, Microsoft IIS will either respond with an error if actually processing the cookie via a specific asp page or disclose information of the...
Corsaire Security Advisory - Verity Ultraseek path disclosure issue
-- Corsaire Security Advisory -- Title: Verity Ultraseek path disclosure issue Date: 04.01.13 Application: Verity Ultraseek 5.2.1 and prior Environment: Solaris 7, Windows NT, Windows 2000, Redhat Linux Author: Martin O'Neal [email protected] Audience: Vendor notification Reference:...
Corsaire Security Advisory: PeopleSoft Gateway Administration servlet path disclosure issue
-- Corsaire Security Advisory -- Title: PeopleSoft Gateway Administration servlet path disclosure issue Date: 04.07.03 Application: PeopleTools 8.20/8.43 and prior Environment: Various Author: Martin O'Neal [email protected] Audience: General distribution Reference: c030704-003 -- Scope -...
Half-Life 1.1 - Invalid Command Error Response Format String
source: https://www.securityfocus.com/bid/8730/info It has been reported that Half-Life clients may be prone to a format string vulnerability. The problem occurs when an invalid command is issued to the server, and an error response is returned and displayed by the client. If a format specifier...
SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Information Disclosure
SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Information Disclosure source: https://www.securityfocus.com/bid/8515/info A vulnerability has been discovered in SAP Internet Transaction Server SITSthat could allow an attacker to obtain sensitive information. The problem occurs...