Lucene search
K

3718 matches found

Cvelist
Cvelist
added 2015/05/30 2:0 p.m.23 views

CVE-2015-0733

CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting XSS attacks, via a crafted request, aka Bug ID...

6AI score0.01559EPSS
Exploits0References2
CVE
CVE
added 2015/05/30 2:0 p.m.50 views

CVE-2015-0733

Cisco Headend System Release Digital Broadband Delivery System is affected by a CRLF injection vulnerability in the HTTP Header Handler, enabling remote attackers to inject arbitrary HTTP headers and perform HTTP response-splitting attacks (potentially enabling XSS). The issue, tracked as CVE-201...

4.3CVSS6.1AI score0.01559EPSS
Exploits0References2Affected Software1
Cisco
Cisco
added 2015/05/29 8:9 p.m.22 views

Cisco Headend Digital Broadband Delivery System HTTP Response-Splitting Vulnerability

A vulnerability in the Cisco Headend Digital Broadband Delivery System could allow an unauthenticated, remote attacker to conduct HTTP response-splitting attacks. The vulnerability is due to improper sanitization on user input performed by the HTTP Header Handler within the affected software...

4.3CVSS7.1AI score0.01559EPSS
Exploits0References1
NVD
NVD
added 2015/05/29 3:59 p.m.11 views

CVE-2015-4060

Heap-based buffer overflow in the TermProxy WLTermProxyService.exe service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header...

10CVSS8AI score0.0488EPSS
Exploits0References2
NVD
NVD
added 2015/05/29 3:59 p.m.18 views

CVE-2015-4059

Heap-based buffer overflow in the License Server LicenseServer.exe in Wavelink Terminal Emulation TE allows remote attackers to execute arbitrary code via a large HTTP header...

10CVSS8AI score0.0488EPSS
Exploits0References2
Prion
Prion
added 2015/05/29 3:59 p.m.11 views

Heap overflow

Heap-based buffer overflow in the TermProxy WLTermProxyService.exe service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header...

10CVSS8.7AI score0.0488EPSS
Exploits0References2
Prion
Prion
added 2015/05/29 3:59 p.m.14 views

Heap overflow

Heap-based buffer overflow in the License Server LicenseServer.exe in Wavelink Terminal Emulation TE allows remote attackers to execute arbitrary code via a large HTTP header...

10CVSS8.6AI score0.0488EPSS
Exploits0References2
CVE
CVE
added 2015/05/29 3:0 p.m.44 views

CVE-2015-4060

CVE-2015-4060 describes a heap-based buffer overflow in Wavelink ConnectPro TermProxy (WLTermProxyService.exe) that enables remote code execution via oversized HTTP headers. Connected CNVD/NVD records confirm the root cause as improper parsing of HTTP requests leading to heap overflow, exploitabl...

10CVSS8.3AI score0.0488EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/05/29 3:0 p.m.16 views

CVE-2015-4060

Heap-based buffer overflow in the TermProxy WLTermProxyService.exe service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header...

8AI score0.0488EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/05/29 3:0 p.m.18 views

CVE-2015-4059

Heap-based buffer overflow in the License Server LicenseServer.exe in Wavelink Terminal Emulation TE allows remote attackers to execute arbitrary code via a large HTTP header...

8AI score0.0488EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/05/28 12:0 a.m.19 views

Juniper Networks Junos OS J-Web Clickjacking Vulnerability

Junos OS is prone to Clickjacking vulnerability on J-Web. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if...

4.3CVSS5.2AI score0.01816EPSS
Exploits0References2
NVD
NVD
added 2015/05/25 2:59 p.m.21 views

CVE-2014-4778

IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element...

4.3CVSS6.5AI score0.00977EPSS
Exploits0References1
Prion
Prion
added 2015/05/25 2:59 p.m.15 views

Design/Logic Flaw

IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element...

4.3CVSS7AI score0.00977EPSS
Exploits0References1Affected Software2
Tenable Nessus
Tenable Nessus
added 2015/05/21 12:0 a.m.13 views

Squid 3.x < 3.2.9 / 3.3.x < 3.3.3 DoS

Binary data 8635.prm...

7.3AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/05/21 12:0 a.m.18 views

Squid 2.7.x < 3.0 DoS

Binary data 8636.prm...

7.3AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/05/21 12:0 a.m.28 views

Squid < 3.1.1 HTTP Header Injection

Binary data 8698.prm...

4.3CVSS7.3AI score0.04507EPSS
Exploits0References5
Check Point Advisories
Check Point Advisories
added 2015/05/18 12:0 a.m.16 views

HP OpenView Network Node Manager Accept-Language Buffer Overflow - Ver2 (CVE-2009-4179)

A stack buffer overflow exists in HP OpenView Network Node Manager NNM CGI program ovalarm.exe. The vulnerability is due to a boundary error when processing the Accept-Language HTTP header and the OvAcceptLang cookie value in a crafted HTTP request. A remote unauthenticated attacker can exploit...

10CVSS1.9AI score0.66973EPSS
Exploits8
Mozilla
Mozilla
added 2015/05/12 12:0 a.m.36 views

Referrer policy ignored when links opened by middle-click and context menu — Mozilla

Security researcher Alex Verstak reported that is ignored when a link is opened through the context menu or a middle-click by mouse. This means that, in some situations, the referrer policy is ignored when opening links in new tabs and may cause some pages to open without an HTTP Referer header...

4.3CVSS8.8AI score0.01904EPSS
Exploits0References2Affected Software2
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.156 views

vBulletin 4.x.x &#39;visitormessage.php&#39; Remote Code Injection Vulnerability

Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage: vBulletin.com + Tested on: vBulletin 4.2.2 + Greeting : Ali Razmjoo -...

7.8AI score
Exploits0
Metasploit
Metasploit
added 2015/05/08 8:8 p.m.40 views

F5 BigIP HTTP Virtual Server Scanner

This module scans for BigIP HTTP virtual servers using banner grabbing. BigIP system uses different HTTP profiles for managing HTTP traffic and these profiles allow to customize the string used as Server HTTP header. The default values are "BigIP" or "BIG-IP" depending on the BigIP system version...

7.4AI score
Exploits0
Rows per page
Query Builder