3718 matches found

CVE (added 2015/10/27 4:00 p.m., 99 views)

CVE-2015-5178

CVE-2015-5178 affects Red Hat JBoss Enterprise Application Platform (EAP) / WildFly up to version 6.4.3 where the Management Console did not send X-Frame-Options, enabling clickjacking via a crafted page containing a FRAME/IFRAME. Remediation per RHSA-2015:1906 is to upgrade to 6.4.4 (EAP/WildFly...

CVSS 4.3 | AI score 6.4 | EPSS 0.01743
Exploits 0 | References 7 | Affected Software 1
Cvelist (added 2015/10/27 4:00 p.m., 23 views)

CVE-2015-5178

The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2)...

AI score 6.3 | EPSS 0.01743
Exploits 0 | References 7
Debian CVE (added 2015/10/26 5:00 p.m., 19 views)

CVE-2015-5251

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/...

CVSS 5.5 | AI score 4.4 | EPSS 0.02035
Exploits 0
Tenable Nessus (added 2015/10/26 12:00 a.m., 41 views)

Mac OS X : OS X Server < 5.0.15 Multiple Vulnerabilities

The remote Mac OS X host has a version of OS X Server installed that is prior to 5.0.15. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists due to an assertion flaw that is triggered when parsing malformed DNSSEC keys. An unauthenticated, remo...

CVSS 7.8 | AI score 7 | EPSS 0.33652
Exploits 0 | References 7
securityvulns (added 2015/10/25 12:00 a.m., 91 views)

Re: CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android

CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Cordova Android File Transfer Plugin 1.2.1 and below Description: Android applications built with the Cordova framework...

CVSS 4.3 | AI score 0.8 | EPSS 0.0343
Exploits 0
NVD (added 2015/10/23 10:59 a.m., 26 views)

CVE-2015-7031

The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors...

CVSS 5 | AI score 6.1 | EPSS 0.01983
Exploits 0 | References 3
Prion (added 2015/10/23 10:59 a.m., 16 views)

Design/Logic Flaw

The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors...

CVSS 5 | AI score 6.6 | EPSS 0.01983
Exploits 0 | References 3 | Affected Software 1
Cvelist (added 2015/10/23 10:00 a.m., 25 views)

CVE-2015-7031

The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors...

AI score 6.1 | EPSS 0.01983
Exploits 0 | References 3
Positive Technologies (added 2015/10/23 12:00 a.m., 10 views)

PT-2016-12: HTTP Header Injection in VMware vCenter Server and ESXi

The specialists of the Positive Research center have detected an HTTP Header Injection vulnerability in VMware vCenter Server and ESXi. The application does not properly sanitize user input before using it in HTTP response headers that allows a malicious user to inject arbitrary headers into HTTP...

CVSS 6.1 | AI score 6.3 | EPSS 0.01906
Exploits 1 | References 4
Exploit DB (added 2015/10/08 12:00 a.m., 46 views)

Kallithea 0.2.9 - 'came_from' HTTP Response Splitting

Kallithea 0.2.9 camefrom HTTP Response Splitting Vulnerability Vendor: Kallithea Product web page: https://www.kallithea-scm.org Version affected: 0.2.9 and 0.2.2 Summary: Kallithea, a member project of Software Freedom Conservancy, is a GPLv3'd, Free Software source code management system that...

CVSS 5 | AI score 6.4 | EPSS 0.06039
Exploits 6
0day.today (added 2015/10/08 12:00 a.m., 65 views)

Kallithea 0.2.9 HTTP Response Splitting Vulnerability

Kallithea suffers from a HTTP header injection response splitting vulnerability because it fails to properly sanitize user input before using it as an HTTP header value via the GET 'camefrom' parameter in the login instance. This type of attack not only allows a malicious user to control the...

CVSS 5 | AI score 6.6 | EPSS 0.06039
Exploits 6
exploitpack (added 2015/10/08 12:00 a.m., 29 views)

Kallithea 0.2.9 - came_from HTTP Response Splitting

Kallithea 0.2.9 - camefrom HTTP Response Splitting Kallithea 0.2.9 camefrom HTTP Response Splitting Vulnerability Vendor: Kallithea Product web page: https://www.kallithea-scm.org Version affected: 0.2.9 and 0.2.2 Summary: Kallithea, a member project of Software Freedom Conservancy, is a GPLv3'd,...

CVSS 5 | AI score 6.5 | EPSS 0.06039
Exploits 6
Packet Storm (added 2015/10/08 12:00 a.m., 36 views)

Kallithea 0.2.9 HTTP Response Splitting

Kallithea 0.2.9 camefrom HTTP Response Splitting Vulnerability Vendor: Kallithea Product web page: https://www.kallithea-scm.org Version affected: 0.2.9 and 0.2.2 Summary: Kallithea, a member project of Software Freedom Conservancy, is a GPLv3'd, Free Software source code management system that...

CVSS 5 | AI score 6.5 | EPSS 0.06039
Exploits 6
Hacker One (added 2015/10/01 12:15 a.m., 18 views)

Imgur: Content Sniffing not enabled

The HTTP header X-Content-Type-Options was not set to nosniff. This can cause some browsers to try to determine the content/encoding type of a response, which is an undesired behavior...

AI score 1.7
Exploits 0
Check Point Advisories (added 2015/09/30 12:00 a.m., 2 views)

Avira Management Console Server HTTP Header Processing Heap Buffer Overflow

A heap buffer overflow vulnerability has been reported in Avira Management Console Server. The vulnerability exists in the way Update Manager Service handles overly long HTTP headers. A remote unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the server...

AI score 2.4
Exploits 0
Japan Vulnerability Notes (added 2015/09/29 5:04 a.m., 2 views)

Apache Cordova plugin cordova-plugin-file-transfer vulnerable to HTTP header injection

Overview cordova-plugin-file-transfer, a plugin for Apache Cordova provided by the Apache Software Foundation, provides functionality to upload and download files in applications created by Apache Cordova. It also provides functionality to add HTTP headers. Android applications that use...

CVSS 4.3 | AI score 7.2 | EPSS 0.0343
Exploits 0 | References 5
Japan Vulnerability Notes (added 2015/09/29 12:00 a.m., 49 views)

JVN#21612597: Apache Cordova plugin cordova-plugin-file-transfer vulnerable to HTTP header injection

cordova-plugin-file-transfer, a plugin for Apache Cordova provided by the Apache Software Foundation, provides functionality to upload and download files in applications created by Apache Cordova. It also provides functionality to add HTTP headers. Android applications that use...

CVSS 4.3 | AI score 6.5 | EPSS 0.0343
Exploits 0
UbuntuCve (added 2015/09/22 3:00 p.m., 21 views)

CVE-2015-5251

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/...

CVSS 5.5 | AI score 5.9 | EPSS 0.02035
Exploits 0 | References 3
NVD (added 2015/09/21 10:59 a.m., 14 views)

CVE-2015-2917

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAM...

CVSS 4.3 | AI score 6.7 | EPSS 0.009
Exploits 0 | References 1
Prion (added 2015/09/21 10:59 a.m., 11 views)

Design/Logic Flaw

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAM...

CVSS 4.3 | AI score 7.2 | EPSS 0.009
Exploits 0 | References 1 | Affected Software 2