3718 matches found

Citrix
added 2015/09/21 12:0 a.m., 9 views

How to Use Policy-Based Logging on a NetScaler Appliance to Log HTTP Header

This article describes how to use policy-based logging on a NetScaler appliance to log an HTTP header not supported by the NetScaler Web Logging (NSWL) feature...

7 AI score
Exploits 0

Zero Day Initiative
added 2015/09/16 12:0 a.m., 25 views

(0Day) Avira Management Console Update Manager Service HTTP Header Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avira Management Console. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP headers by the Update Manager service. By sending overly...

9.3 CVSS, 7.2 AI score, 0.35159 EPSS
Exploits 0, References 2

NVD
added 2015/09/15 6:59 p.m., 20 views

CVE-2015-6949

Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values...

9.3 CVSS, 8.1 AI score, 0.0702 EPSS
Exploits 0, References 2

Prion
added 2015/09/15 6:59 p.m., 15 views

Stack overflow

Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values...

9.3 CVSS, 8.7 AI score, 0.0702 EPSS
Exploits 0, References 2

CVE
added 2015/09/15 6:0 p.m., 46 views

CVE-2015-6949

The CVE-2015-6949 issue affects the ASUS TM-AC1900 router. A stack-based buffer overflow in the HTTP header parsing routine allows remote attackers to execute arbitrary code by sending crafted HTTP header values, potentially yielding root-privileged code execution. Public references (e.g., NVD en...

9.3 CVSS, 8.3 AI score, 0.0702 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2015/09/15 6:0 p.m., 28 views

CVE-2015-6949

Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values...

8.1 AI score, 0.0702 EPSS
Exploits 0, References 2

Zero Day Initiative
added 2015/09/02 12:0 a.m., 39 views

(0Day) ASUS TM-AC1900 httpd Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the ASUS TM-1900. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP header parsing routine. The issue lies in the failure to check the size of...

7.9 CVSS, 7.2 AI score, 0.0702 EPSS
Exploits 0

Hacker One
added 2015/08/18 8:1 p.m., 41 views

ownCloud: owncloud.com: Content Sniffing not disabled

URL :- https://owncloud.com Issue description :- There was no "X-Content-Type-Options" HTTP header with the value nosniff set in the response. The lack of this header causes certain browsers to try to determine the content type and encoding of the response even when these properties are define...

5.8 AI score
Exploits 0

Check Point Advisories
added 2015/08/13 12:0 a.m., 6 views

Wavelink Emulation License Server HTTP Header Processing Buffer Overflow (CVE-2015-4059)

A buffer overflow vulnerability exists in Wavelink Emulation License Server. The vulnerability is due to a boundary error when parsing HTTP headers. By sending crafted requests to a vulnerable server, a remote unauthenticated attacker can possibly exploit this vulnerability to execute arbitrary...

10 CVSS, 3.9 AI score, 0.0488 EPSS
Exploits 0

Hacker One
added 2015/07/20 8:48 p.m., 33 views

Keybase: Content Sniffing not disabled

Issue description :- There was no "X-Content-Type-Options" HTTP header with the value nosniff set in the response. The lack of this header causes certain browsers to try to determine the content type and encoding of the response even when these properties are defined correctly. This can make t...

0.1 AI score
Exploits 0

WPVulnDB
added 2015/06/30 12:0 a.m., 16 views

NewStatPress <= 1.0.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

An insufficient user input validation of HTTP-Header: "Referer" results in a persistent XSS in the WordPress admin-panel. An attacker may be able to access any cookies, session tokens or other sensitive information retained by the browser and used with that site...

4.3 CVSS, 2.9 AI score, 0.00923 EPSS
Exploits 0, References 1, Affected Software 1

securityvulns
added 2015/06/29 12:0 a.m., 109 views

Netgear Prosafe VPN Firewalls - Multiple vulnerabilities

About Encripto AS ================= Encripto is a Norwegian company which provides specialized services within IT-security. Our core expertise is security testing, network security monitoring and training. Encripto is committed to information security. We do research to discover trends, new...

8.4 AI score
Exploits 0

NVD
added 2015/06/20 2:59 p.m., 17 views

CVE-2015-4198

Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409...

4.3 CVSS, 5.8 AI score, 0.02162 EPSS
Exploits 0, References 3

Prion
added 2015/06/20 2:59 p.m., 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409...

4.3 CVSS, 6.3 AI score, 0.02162 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2015/06/20 2:0 p.m., 23 views

CVE-2015-4198

Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409...

5.8 AI score, 0.02162 EPSS
Exploits 0, References 3

Cisco
added 2015/06/19 7:21 p.m., 24 views

Cisco Web Security Appliance Web Framework HTTP Header Injection Vulnerability

A vulnerability in the web framework of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to inject a crafted HTTP header that could introduce arbitrary code into the web interface. The vulnerability is due to insufficient validation of user input before it is used...

4.3 CVSS, 7.2 AI score, 0.02162 EPSS
Exploits 0, References 1

CVE
added 2015/06/07 6:0 p.m., 53 views

CVE-2015-0770

The vulnerability CVE-2015-0770 affects Cisco TelePresence TC software on the SX20 Integrator C platform, specifically TC 6.x before 6.3.4 and 7.x before 7.3.3. The root cause is improper handling of HTTP requests leading to CRLF injection and HTTP response splitting, allowing an unauthenticated, ...

5 CVSS, 7.2 AI score, 0.01752 EPSS
Exploits 0, References 2, Affected Software 1

Packet Storm
added 2015/06/05 12:0 a.m., 18 views

IBM Watson XSS / Open Redirect

Vulnerability type: Cross-site Scripting & Redirect Vendor: www.ibm.com Product: IBM Watson Cloud Computing SaaS Cognea Product Link: http://www.ibm.com/smarterplanet/us/en/ibmwatson/ Credit: Jerold Hoong The logout.jsp page function of the IBM Watson Cognea SaaS application is vulnerable to...

7.4 AI score
Exploits 0

NVD
added 2015/06/02 2:59 p.m., 18 views

CVE-2014-0999

Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header...

5 CVSS, 6.1 AI score, 0.06651 EPSS
Exploits 5, References 5

Prion
added 2015/05/30 2:59 p.m., 13 views

Crlf injection

CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID...

4.3 CVSS, 6.2 AI score, 0.01559 EPSS
Exploits 0, References 2