3704 matches found

Cvelist
added 2015/06/20 2:0 p.m. | 22 views

CVE-2015-4198

Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409...

AI score: 5.8 | EPSS: 0.00416
Exploits: 0 | References: 3
Cisco
added 2015/06/19 7:21 p.m. | 24 views

Cisco Web Security Appliance Web Framework HTTP Header Injection Vulnerability

A vulnerability in the web framework of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to inject a crafted HTTP header that could introduce arbitrary code into the web interface. The vulnerability is due to insufficient validation of user input before it is used...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.00416
Exploits: 0 | References: 1
CVE
added 2015/06/07 6:0 p.m. | 51 views

CVE-2015-0770

The vulnerability CVE-2015-0770 affects Cisco TelePresence TC software on the SX20 Integrator C platform, specifically TC 6.x before 6.3.4 and 7.x before 7.3.3. The root cause is improper handling of HTTP requests leading to CRLF injection and HTTP response splitting, allowing an unauthenticated, ...

CVSS: 5 | AI score: 7.2 | EPSS: 0.00274
Exploits: 0 | References: 2 | Affected Software: 1
Packet Storm
added 2015/06/05 12:0 a.m. | 17 views

IBM Watson XSS / Open Redirect

Vulnerability type: Cross-site Scripting & Redirect
Vendor: www.ibm.com
Product: IBM Watson Cloud Computing SaaS Cognea
Product Link: http://www.ibm.com/smarterplanet/us/en/ibmwatson/
Credit: Jerold Hoong
The logout.jsp page function of the IBM Watson Cognea SaaS application is vulnerable to...

AI score: 7.4
Exploits: 0
NVD
added 2015/06/02 2:59 p.m. | 12 views

CVE-2014-0999

Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header...

CVSS: 5 | AI score: 6.1 | EPSS: 0.14481
Exploits: 5 | References: 5
Prion
added 2015/05/30 2:59 p.m. | 11 views

Crlf injection

CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.00274
Exploits: 0 | References: 2
CVE
added 2015/05/30 2:0 p.m. | 47 views

CVE-2015-0733

Cisco Headend System Release Digital Broadband Delivery System is affected by a CRLF injection vulnerability in the HTTP Header Handler, enabling remote attackers to inject arbitrary HTTP headers and perform HTTP response-splitting attacks (potentially enabling XSS). The issue, tracked as CVE-201...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.00274
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2015/05/30 2:0 p.m. | 20 views

CVE-2015-0733

CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID...

AI score: 6 | EPSS: 0.00274
Exploits: 0 | References: 2
Cisco
added 2015/05/29 8:9 p.m. | 21 views

Cisco Headend Digital Broadband Delivery System HTTP Response-Splitting Vulnerability

A vulnerability in the Cisco Headend Digital Broadband Delivery System could allow an unauthenticated, remote attacker to conduct HTTP response-splitting attacks. The vulnerability is due to improper sanitization on user input performed by the HTTP Header Handler within the affected software...

CVSS: 4.3 | AI score: 7.1 | EPSS: 0.00274
Exploits: 0 | References: 1
NVD
added 2015/05/29 3:59 p.m. | 10 views

CVE-2015-4060

Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header...

CVSS: 10 | AI score: 8 | EPSS: 0.15009
Exploits: 0 | References: 2
NVD
added 2015/05/29 3:59 p.m. | 16 views

CVE-2015-4059

Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header...

CVSS: 10 | AI score: 8 | EPSS: 0.15009
Exploits: 0 | References: 2
Prion
added 2015/05/29 3:59 p.m. | 12 views

Heap overflow

Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header...

CVSS: 10 | AI score: 8.6 | EPSS: 0.15009
Exploits: 0 | References: 2
Prion
added 2015/05/29 3:59 p.m. | 9 views

Heap overflow

Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header...

CVSS: 10 | AI score: 8.7 | EPSS: 0.15009
Exploits: 0 | References: 2
Cvelist
added 2015/05/29 3:0 p.m. | 15 views

CVE-2015-4060

Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header...

AI score: 8 | EPSS: 0.15009
Exploits: 0 | References: 2
CVE
added 2015/05/29 3:0 p.m. | 44 views

CVE-2015-4060

CVE-2015-4060 describes a heap-based buffer overflow in Wavelink ConnectPro TermProxy (WLTermProxyService.exe) that enables remote code execution via oversized HTTP headers. Connected CNVD/NVD records confirm the root cause as improper parsing of HTTP requests leading to heap overflow, exploitabl...

CVSS: 10 | AI score: 8.3 | EPSS: 0.15009
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2015/05/29 3:0 p.m. | 15 views

CVE-2015-4059

Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header...

AI score: 8 | EPSS: 0.15009
Exploits: 0 | References: 2
OpenVAS
added 2015/05/28 12:0 a.m. | 18 views

Juniper Networks Junos OS J-Web Clickjacking Vulnerability

Junos OS is prone to a clickjacking vulnerability on J-Web. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.00253
Exploits: 0 | References: 2
NVD
added 2015/05/25 2:59 p.m. | 21 views

CVE-2014-4778

IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00218
Exploits: 0 | References: 1
Prion
added 2015/05/25 2:59 p.m. | 14 views

Design/Logic Flaw

IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element...

CVSS: 4.3 | AI score: 7 | EPSS: 0.00218
Exploits: 0 | References: 1 | Affected Software: 2
Tenable Nessus
added 2015/05/21 12:0 a.m. | 17 views

Squid 2.7.x < 3.0 DoS

Binary data 8636.prm...

AI score: 7.3
Exploits: 0 | References: 3