CVE-2015-0733
CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID...
CVE-2015-0733
Cisco Headend System Release Digital Broadband Delivery System is affected by a CRLF injection vulnerability in the HTTP Header Handler, enabling remote attackers to inject arbitrary HTTP headers and perform HTTP response-splitting attacks (potentially enabling XSS). The issue, tracked as CVE-201...
Cisco Headend Digital Broadband Delivery System HTTP Response-Splitting Vulnerability
A vulnerability in the Cisco Headend Digital Broadband Delivery System could allow an unauthenticated, remote attacker to conduct HTTP response-splitting attacks. The vulnerability is due to improper sanitization on user input performed by the HTTP Header Handler within the affected software...
CVE-2015-4060
Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header...
CVE-2015-4059
Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header...
Heap overflow
Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header...
Heap overflow
Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header...
CVE-2015-4060
CVE-2015-4060 describes a heap-based buffer overflow in Wavelink ConnectPro TermProxy (WLTermProxyService.exe) that enables remote code execution via oversized HTTP headers. Connected CNVD/NVD records confirm the root cause as improper parsing of HTTP requests leading to heap overflow, exploitabl...
Juniper Networks Junos OS J-Web Clickjacking Vulnerability
Junos OS is prone to a clickjacking vulnerability on J-Web...
CVE-2014-4778
IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element...
Design/Logic Flaw
IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element...
Squid 3.x < 3.2.9 / 3.3.x < 3.3.3 DoS
Binary data 8635.prm...
Squid 2.7.x < 3.0 DoS
Binary data 8636.prm...
Squid < 3.1.1 HTTP Header Injection
Binary data 8698.prm...
HP OpenView Network Node Manager Accept-Language Buffer Overflow - Ver2 (CVE-2009-4179)
A stack buffer overflow exists in the HP OpenView Network Node Manager (NNM) CGI program ovalarm.exe. The vulnerability is due to a boundary error when processing the Accept-Language HTTP header and the OvAcceptLang cookie value in a crafted HTTP request. A remote unauthenticated attacker can exploit...
Referrer policy ignored when links opened by middle-click and context menu — Mozilla
Security researcher Alex Verstak reported that is ignored when a link is opened through the context menu or a middle-click by mouse. This means that, in some situations, the referrer policy is ignored when opening links in new tabs and may cause some pages to open without an HTTP Referer header...
vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability
Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage: vBulletin.com + Tested on: vBulletin 4.2.2 + Greeting : Ali Razmjoo -...
F5 BigIP HTTP Virtual Server Scanner
This module scans for BigIP HTTP virtual servers using banner grabbing. The BigIP system uses different HTTP profiles for managing HTTP traffic, and these profiles allow customizing the string used as the Server HTTP header. The default values are "BigIP" or "BIG-IP" depending on the BigIP system version...