CVE-2010-2375: WebLogic Plugin HTTP Injection via Encoded URLs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs Release Date: 2010-07-13 Application: WebLogic Plugin...

Multiple Cisco CSS / ACE Client Certificate And HTTP Header Manipulation Vulnerabilities

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities Release Date: 2010-07-02 Application:...

Ubuntu Update for firefox regression USN-930-3

Ubuntu Update for Linux kernel vulnerabilities USN-930-3 OpenVAS Vulnerability Test $Id: gbubuntuUSN9303.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for firefox regression USN-930-3 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-930-1

Ubuntu Update for Linux kernel vulnerabilities USN-930-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9301.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-930-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

CVE-2008-7257

Cisco ASA WebVPN (WebVPN on ASA) is affected by a CRLF injection/HTTP response splitting vulnerability tracked as CVE-2008-7257. The flaw occurs in +webvpn+/index.html for ASA 5580-series devices with software before 8.1(2). An attacker can craft a URL containing %0d%0a sequences to inject arbitr...

Design/Logic Flaw

Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066...

CVE-2010-2504

CVE-2010-2504 affects Splunk 4.0–4.0.10 and 4.1–4.1.1. The issue is HTTP header injection that allows remote authenticated users to obtain sensitive information (SPL-31066). Root cause details beyond “HTTP header injection” are not provided in the connected documents. Impact is noted as exposure ...

CVE-2010-2504

Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066...

Weborf服务器HTTP头远程拒绝服务漏洞

BUGTRAQ ID: 41064 Weborf是用C编写的轻型Web服务器。 Weborf服务器没有正确地处理HTTP请求头Connection:字段中的unicode字符，远程攻击者可以通过发送恶意HTTP请求导致服务器终止。 Galileo Students Team Weborf 0.12.1 厂商补丁： Galileo Students Team --------------------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://freshmeat.net/projects/weborf/releases/318531...

Apache Axis 1.5 Session Fixation

===== Tempest Security Intelligence - Advisory 02 / 2010 =========== Vulnerability = 'Apache Axis Session Fixation Vulnerability' Authors = 'Tiago Ferreira ' 'Leandro Oliveira ' ======== Table of Contents =========================================== 1. Overview 2. Detailed description 3. Other...

CVE-2010-2435

Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service crash via Unicode characters in a Connection HTTP header, and possibly other headers...

CVE-2010-2435

Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service crash via Unicode characters in a Connection HTTP header, and possibly other headers...

devhelp, esc, firefox, gnome, totem, xulrunner, yelp security update

CentOS Errata and Security Advisory CESA-2010:0501 Updated firefox packages that address several security issues, fix bugs, add numerous enhancements, and upgrade Firefox to version 3.6.4, are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update a...

Firefox 3.6.x < 3.6.4 Multiple Vulnerabilities

Binary data 800742.prm...

SeaMonkey < 2.0.5 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.0.5. Such versions are potentially affected by the following security issues : - A memory corruption vulnerability can lead to arbitrary code execution if garbage collection is carefully timed after DOM nodes are moved between documents. MFSA...

Firefox < 3.5.10 Multiple Vulnerabilities

The installed version of Firefox is earlier than 3.5.10. Such versions are potentially affected by the following security issues : - A memory corruption vulnerability can lead to arbitrary code execution if garbage collection is carefully timed after DOM nodes are moved between documents. MFSA...

Mozilla Firefox < 3.5.10 Multiple Vulnerabilities

Binary data 5579.prm...

Mozilla Firefox 3.6.x < 3.6.4 Multiple Vulnerabilities

Binary data 5580.prm...

Firefox < 3.5.10 Multiple Vulnerabilities

Binary data 800758.prm...

Critical: Red Hat Security Advisory: seamonkey security update

Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...