2478 matches found
Squid strListGetItem Denial of Service (CVE-2009-2855)
A denial of service vulnerability exists in the way Squid handles HTTP headers. The vulnerability is due to an infinite loop error when processing HTTP headers containing a specific delimiter character. Remote unauthenticated attackers can exploit this vulnerability by sending specially crafted...
CGI Generic XSS (HTTP Headers)
The remote web server hosts CGI scripts that fail to adequately sanitize HTTP headers of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site. Note that...
Google Chrome Multiple Vulnerabilities (win)
This host is installed with Google Chrome Web Browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnapr10.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome Multiple Vulnerabilities (win) Authors: Antu Sanadi Copyright: Copyright (c) 2010 Greenbone...
CVE-2010-1231
Google Chrome before 4.1.249.1036 processes HTTP headers before invoking the SafeBrowsing feature, which allows remote attackers to have an unspecified impact via crafted headers...
Security feature bypass
Google Chrome before 4.1.249.1036 processes HTTP headers before invoking the SafeBrowsing feature, which allows remote attackers to have an unspecified impact via crafted headers...
CVE-2010-1231
Affected software: Google Chrome prior to 4.1.249.1036 (Windows). Root cause: Chrome processes HTTP headers before invoking SafeBrowsing, enabling remote attackers to induce an unspecified impact via crafted headers. Exploitation status: not provided in the documents; in-the-wild details are not ...
CVE-2010-1231
Removed by vendor...
Opera 10.51 Closes HTTP Header Holes
Opera has announced the release of version 10.51 of its web browser for Windows-based systems, closing two “highly severe” security holes. The security and stability update addresses a previously reported vulnerability caused by an incorrectly set value in HTTP headers...
AboCMS 5.4 SQL Injection
ONSEC-10-003 AboCMS SQL inj Target: AboCMS = 5.4 fixpack unknown Type: SQL injection Risk: Medium Find date: 12.03.2010 Report date: 12.03.2010 Fix date: 17.03.2010 Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Original links: http://onsec.ru/vuln?id=19 In the popular conten...
Google Chrome < 4.1.249.1036 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is prior to 4.1.249.1036. It is, therefore, affected by multiple vulnerabilities: - Multiple race conditions and pointer errors in the sandbox infrastructure (Issue 28804, 31880). - An error relating to persisted metadata such as Web...
Andromeda 1.9.2 Cross Site Scripting / Cookie Manipulation
Title: Andromeda v1.9.2 Multi Vulnerability | Author: indoushka | Home: Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 | Web Site: | Script: powered by...
Sun Java System Application Server Cross Site Tracing Vulnerability
This host has Sun Java System Application Server running which is prone to Cross Site Tracing vulnerability. OpenVAS Vulnerability Test $Id: gbsunjavaappservxstvuln.nasl 5373 2017-02-20 16:27:48Z teissa $ Sun Java System Application Server Cross Site Tracing Vulnerability Authors: Veerendra G...
Update Protection against Sun Java System Application Server HTTP TRACE Vulnerability
Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method which can be leveraged by attackers to gain access to sensitive user information. The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. A local or remote...
OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not...
FreeWebShop 2.2.9 R2 - Multiple Remote Vulnerabilities
source: https://www.securityfocus.com/bid/37513/info FreeWebshop is prone to multiple remote vulnerabilities: 1. A security vulnerability that may allow attackers to spoof HTTP headers. 2. A security vulnerability involving the handling of sessions. 3. A security vulnerability that may allow...
WebSphere 6.0.2.37: Login Authentication Bypass and Sensitive Information Disclosure via Forged HTTP Header Requests
No description provided by source...
iDevCart 1.09 XSS Vulnerability
No description provided by source. Title: iDevCart 1.09 XSS Vulnerability Date: 16/12/2009 Author: bi0 Software Link: http://www.idevspot.com/iDEVCart.php Version: 1.09 CVE: ...