Lucene search
+L

183 matches found

Debian CVE
Debian CVE
added 2013/06/07 10:0 a.m.66 views

CVE-2013-2850

Heap-based buffer overflow in the iscsiaddnotunderstoodresponse function in drivers/target/iscsi/iscsitargetparameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service memory corruption and OOPS or possibly execute arbitrary co...

7.9CVSS9.3AI score0.07313EPSS
Exploits1
Atlassian
Atlassian
added 2013/01/02 4:17 a.m.25 views

Reflected xss in the jira-gadgets-plugin getLabelGroups rest resource

The jira-gadgets-plugin LabelsResource class exposes a getLabelGroups rest resource that is vulnerable to reflected xss through the user supplied 'project' path parameter. The vulnerability is caused by building an error response message with a content type of text/html and not html encoding the...

0.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/02/02 12:0 a.m.55 views

FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0)

CVE MITRE reports : An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...

5CVSS8.1AI score0.90734EPSS
Exploits23References7
Apache Httpd
Apache Httpd
added 2012/01/15 12:0 a.m.63 views

Apache Httpd < 2.2.22 : error responses can expose cookies

A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified...

4.3CVSS0.8AI score0.82756EPSS
Exploits4Affected Software1
FreeBSD
FreeBSD
added 2011/10/05 12:0 a.m.64 views

apache -- multiple vulnerabilities

CVE MITRE reports: An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...

2.6CVSS9AI score0.30809EPSS
Exploits0
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.45 views

CentOS Update for thunderbird CESA-2009:1126 centos5 i386

Check for the Version of thunderbird OpenVAS Vulnerability Test CentOS Update for thunderbird CESA-2009:1126 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

9.3CVSS0.2AI score0.09282EPSS
Exploits5References2
NVD
NVD
added 2011/07/07 7:55 p.m.16 views

CVE-2011-2680

Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 has unknown impact and remote attack vectors related to the "server error response."...

10CVSS6.3AI score0.01769EPSS
Exploits0References6
CVE
CVE
added 2011/07/07 7:0 p.m.51 views

CVE-2011-2680

CVE-2011-2680 affects IBM Rational DOORS Web Access 1.4.x before 1.4.0.4. The description is explicit that impact is unknown and that there are remote attack vectors related to the server error response. The NVD entry assigns a high base score (10.0) with network attack vector, no authentication,...

10CVSS6.5AI score0.01769EPSS
Exploits0References6Affected Software1
Cisco
Cisco
added 2010/12/03 8:24 p.m.35 views

Cisco IPsec VPN Implementation Group Name Enumeration Information Disclosure Vulnerability

Multiple Cisco VPN devices contain a vulnerability that could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability exists due to unsafe handling of error response codes. An unauthenticated, remote attacker could exploit this vulnerability by sending...

4.3CVSS6.5AI score0.01588EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2009/12/08 12:0 a.m.35 views

CVE-2009-3563

ntprequest.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service CPU and bandwidth consumption by using MODEPRIVATE to send a spoofed 1 request or 2 response packet that triggers a continuous exchange of MODEPRIVATE error responses between two NTP daemon...

6.4CVSS7.1AI score0.32288EPSS
Exploits3References4
NVD
NVD
added 2008/09/18 6:0 p.m.16 views

CVE-2008-2470

The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service memory corruption and browser crash and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response...

9.3CVSS7.8AI score0.05481EPSS
Exploits0References5
CVE
CVE
added 2008/02/12 1:0 a.m.37 views

CVE-2008-0717

CVE-2008-0717 affects IBM WebSphere Edge Server’s Caching Proxy (CP) 5.1–6.1. When CGI mapping rules are enabled, it enables cross-site scripting by injecting arbitrary script/HTML that is reflected in an error response. The NVD entry lists a NETWORK attack vector with MEDIUM complexity, requirin...

4.3CVSS5.8AI score0.01659EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2008/02/12 1:0 a.m.30 views

CVE-2008-0717

Cross-site scripting XSS vulnerability in Caching Proxy CP 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response...

5.8AI score0.01659EPSS
Exploits0References5
Prion
Prion
added 2007/08/31 12:17 a.m.13 views

Code injection

SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a differen...

6.8CVSS6.7AI score0.02106EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2005/01/06 12:0 a.m.29 views

[SA13701] Bugzilla Internal Error Response Cross-Site Scripting

TITLE: Bugzilla Internal Error Response Cross-Site Scripting SECUNIA ADVISORY ID: SA13701 VERIFY ADVISORY: http://secunia.com/advisories/13701/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Bugzilla 2.x http://secunia.com/product/396/ DESCRIPTION: Michael Krax...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/05/06 12:0 a.m.29 views

Microsoft IIS Cookie information disclosure

The remote host is running Microsoft IIS with what appears to be a a vulnerable disclosure of cookie usage. That is, when sent a Cookie with the '=' character, Microsoft IIS will either respond with an error if actually processing the cookie via a specific asp page or disclose information of the...

5.5AI score
Exploits0References1
securityvulns
securityvulns
added 2004/05/05 12:0 a.m.33 views

Corsaire Security Advisory - Verity Ultraseek path disclosure issue

-- Corsaire Security Advisory -- Title: Verity Ultraseek path disclosure issue Date: 04.01.13 Application: Verity Ultraseek 5.2.1 and prior Environment: Solaris 7, Windows NT, Windows 2000, Redhat Linux Author: Martin O'Neal [email protected] Audience: Vendor notification Reference:...

5CVSS0.4AI score0.01388EPSS
Exploits0
securityvulns
securityvulns
added 2003/11/13 12:0 a.m.36 views

Corsaire Security Advisory: PeopleSoft Gateway Administration servlet path disclosure issue

-- Corsaire Security Advisory -- Title: PeopleSoft Gateway Administration servlet path disclosure issue Date: 04.07.03 Application: PeopleTools 8.20/8.43 and prior Environment: Various Author: Martin O'Neal [email protected] Audience: General distribution Reference: c030704-003 -- Scope -...

5CVSS0.4AI score0.01194EPSS
Exploits0
Exploit DB
Exploit DB
added 2003/09/29 12:0 a.m.18 views

Half-Life 1.1 - Invalid Command Error Response Format String

source: https://www.securityfocus.com/bid/8730/info It has been reported that Half-Life clients may be prone to a format string vulnerability. The problem occurs when an invalid command is issued to the server, and an error response is returned and displayed by the client. If a format specifier...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/08/30 12:0 a.m.13 views

SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Information Disclosure

SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Information Disclosure source: https://www.securityfocus.com/bid/8515/info A vulnerability has been discovered in SAP Internet Transaction Server SITSthat could allow an attacker to obtain sensitive information. The problem occurs...

7.2AI score
Exploits0
Rows per page
Query Builder