WordPress Plugin Sexy Add Template - Cross-Site Request Forgery
WordPress Plugin Sexy Add Template - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/55666/info The Sexy Add Template plugin for WordPress is prone to a cross-site request forgery vulnerability because the application fails to properly validate HTTP requests. Exploiting this...
CVE-2012-3715
Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network...
CVE-2012-4001
The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers...
CVE-2012-4001
CVE-2012-4001 affects the mod_pagespeed module for the Apache HTTP Server (versions before 0.10.22.6). The vulnerability arises from improper verification of the module’s host name, allowing remote attackers to trigger HTTP requests to arbitrary hosts (demonstrated via intranet targets) due to an...
TestLink 1.9.3 Cross Site Request Forgery Vulnerability
Exploit for PHP platform in category web applications. Product: TestLink. Vendor: teamst.org. Vulnerable Versions: 1.9.3 and probably prior. Tested Version: 1.9.3. Vendor Notification: April 18, 2012. Public Disclosure: September 5, 2012. Vulnerability Type: Cross-Site Request Forgery (CWE-352). CVE...
Cross site request forgery (csrf)
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request...
Debian Security Advisory DSA 2504-1 (libspring-2.5-java)
The remote host is missing an update to libspring-2.5-java announced via advisory DSA 2504-1. OpenVAS Vulnerability Test deb25041.nasl. Description: Auto-generated from advisory DSA 2504-1 libspring-2.5-java. Authors: Thomas Reinke...
Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64
A flaw was found in the way SeaMonkey handled dialog boxes. An attacker could use this flaw to create a malicious web page that would present a blank dialog box that has non-functioning buttons. If a user closes the dialog box window, it could unexpectedly grant the malicious web page elevated...
Scientific Linux Security Update : httpd on SL6.x i386/x86_64
The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy fla...
Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64
A flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent...
Scientific Linux Security Update : ruby on SL5.x, SL4.x i386/x86_64
A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. If a remote attacker sends a specially crafted request, it is possible to cause the ruby CGI script to enter an infinite loop, possibly causing a denial of service. CVE-2006-6303 An SSL certificate validation flaw w...
Ubuntu: Security Advisory (USN-1506-1)
The remote host is missing an update for the ...
[USN-1506-1] Puppet vulnerabilities
Ubuntu Security Notice USN-1506-1, July 12, 2012: puppet vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] [DSA 2510-1] extplorer security update
Debian Security Advisory DSA-2510-1, http://www.debian.org/security/, Luciano Bello, July 12, 2012, http://www.debian.org/security/faq -...
GLSA-201207-09 : mod_fcgid: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201207-09 (mod_fcgid: Multiple vulnerabilities). Multiple vulnerabilities have been found in mod_fcgid: An error in the 'fcgid_header_bucket_read' function in fcgid_bucket.c could cause a stack-based buffer overflow (CVE-2010-3872). An error...
Debian DSA-2504-1 : libspring-2.5-java - information disclosure
It was discovered that the Spring Framework contains an information disclosure vulnerability in the processing of certain Expression Language (EL) patterns, allowing attackers to access sensitive information using HTTP requests. NOTE: This update adds a springJspExpressionSupport context parameter...