Lucene search
K

3718 matches found

CNVD
CNVD
added 2015/02/26 12:0 a.m.3 views

Squid HTTP Header Injection Vulnerability

Squid Cache or Squid for short is a popular proxy server and web caching server software. A vulnerability in Squid's handling of HTTP responses with specially crafted headers allows attackers to exploit the vulnerability for HTTP response splitting attacks...

4.3CVSS6.8AI score0.04507EPSS
Exploits0References1
0day.today
0day.today
added 2015/02/26 12:0 a.m.61 views

Cisco Ironport AsyncOS HTTP Header Injection Vulnerability

Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability. Cisco Ironport AsyncOS HTTP Header Injection Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco Ironport ESA - AsyncOS 8.0.1-023 Cisco Ironport WSA - AsyncOS 8.5.5-021 Cisco Ironport SMA - AsyncO...

4.3CVSS6.9AI score0.02157EPSS
Exploits3
Packet Storm
Packet Storm
added 2015/02/25 12:0 a.m.44 views

Cisco Ironport AsyncOS HTTP Header Injection

Cisco Ironport AsyncOS HTTP Header Injection Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco Ironport ESA - AsyncOS 8.0.1-023 Cisco Ironport WSA - AsyncOS 8.5.5-021 Cisco Ironport SMA - AsyncOS 8.4.0-138 Date: 24/02/2015 Credits: Glafkos Charalambous CVE: CVE-2015-062...

4.3CVSS6.7AI score0.02157EPSS
Exploits3
NVD
NVD
added 2015/02/21 11:59 a.m.24 views

CVE-2015-0624

The web framework in Cisco AsyncOS on Email Security Appliance ESA, Content Security Management Appliance SMA, and Web Security Appliance WSA devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and...

4.3CVSS6.6AI score0.02157EPSS
Exploits3References5
Prion
Prion
added 2015/02/21 11:59 a.m.20 views

Design/Logic Flaw

The web framework in Cisco AsyncOS on Email Security Appliance ESA, Content Security Management Appliance SMA, and Web Security Appliance WSA devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and...

4.3CVSS7.2AI score0.02157EPSS
Exploits3References5
Cvelist
Cvelist
added 2015/02/21 11:0 a.m.29 views

CVE-2015-0624

The web framework in Cisco AsyncOS on Email Security Appliance ESA, Content Security Management Appliance SMA, and Web Security Appliance WSA devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and...

6.6AI score0.02157EPSS
Exploits3References5
CVE
CVE
added 2015/02/21 11:0 a.m.58 views

CVE-2015-0624

Cisco AsyncOS web framework on ESA, SMA, and WSA is vulnerable to an HTTP header injection flaw due to insufficient validation of header values (notably Host/X-Forwarded-Host). A remote attacker can trigger redirects to arbitrary URLs by sending crafted HTTP headers, potentially aided by publicly...

4.3CVSS6.8AI score0.02157EPSS
Exploits3References5Affected Software3
NVD
NVD
added 2015/02/14 2:59 a.m.15 views

CVE-2014-8911

Cross-site scripting XSS vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header...

4.3CVSS5.6AI score0.00931EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/02/14 2:0 a.m.23 views

CVE-2014-8911

Cross-site scripting XSS vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header...

5.6AI score0.00931EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/02/11 12:0 a.m.28 views

Fortinet FortiWeb Multiple Vulnerabilities (FG-IR-13-009)

Fortinet FortiWeb is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:fortinet:fortiweb"; if...

6.5CVSS5.1AI score0.01516EPSS
Exploits0References2
CNVD
CNVD
added 2015/01/29 12:0 a.m.6 views

Pivotal Software management plugin CRLF injection vulnerability

Pivotal Software RabbitMQ is a British company Pivotal Software's set of implementation of the Advanced Message Queuing Protocol AMQP open source message broker software. RabbitMQ management is one of the management plug-in . A CRLF injection vulnerability exists in the management plugin for...

5CVSS7.4AI score0.02622EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2015/01/25 12:0 a.m.33 views

OpenSchool Community Edition 2.2 XSS / Access Bypass

Exploit Title: OpenSchool Community Edition version 2.2 Multiple Vulnerabilities Date: 25 January 2015 Exploit Author: Mahendra Vendor Homepage: www.open-school.org Software Link: http://sourceforge.net/projects/fiyo-cms/ Full version demo: http://www.tryopenschool.com Version: 2.2 Tested : Kali...

5.2CVSS0.7AI score0.01372EPSS
Exploits4
Hacker One
Hacker One
added 2015/01/24 2:36 p.m.32 views

Square: HTTP Header revealing server information.

Hi Square, - Vulneravility Class: OWASP A5: Security Misconfiguration - Proof of Concept: nc 74.122.190.83 80 GET / HTTP/1.1 host:1.1.1.1 HTTP/1.1 301 Moved Permanently Transfer-Encoding: chunked Connection: keep-alive Status: 301 Moved Permanently Location: https://squareup.com/ X-Powered-By:...

6.6AI score
Exploits0
ThreatPost
ThreatPost
added 2015/01/21 12:57 p.m.7 views

Firefox Meta Referrer A Move Toward Browser Privacy

The HTTP Referer header is a marketer’s dream, and a privacy nightmare all in one. The header contains tracking information that organizations can use for statistical traffic analysis and naturally to promote services to the right audience. It started out by including just the last page the user...

7AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/01/20 12:0 a.m.26 views

ALCASAR 'index.php' Crafted HTTP Header RCE

The ALCASAR network access controller hosted on the remote web server is affected by a remote code execution vulnerability due to not properly sanitizing user-supplied input to the 'host' HTTP header passed to the 'index.php' script. A remote, unauthenticated attacker can exploit this issue to...

6.8AI score
Exploits0References2
NVD
NVD
added 2015/01/16 4:59 p.m.28 views

CVE-2015-0219

Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an underscore character instead of a - dash character in an HTTP header, as demonstrated by an X-AuthUser header...

5CVSS6.3AI score0.06783EPSS
Exploits1References13
CVE
CVE
added 2015/01/16 4:0 p.m.110 views

CVE-2015-0219

CVE-2015-0219 affects Django: WSGI headers can be spoofed when an underscore is used instead of a dash in HTTP header names (e.g., X-Auth_User). Affected versions are Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3. The root cause is unclear from the provided initial document, b...

5CVSS6.3AI score0.06783EPSS
Exploits1References13Affected Software1
Prion
Prion
added 2015/01/16 3:59 p.m.17 views

Open redirect

Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header...

5.8CVSS7.1AI score0.04398EPSS
Exploits2References5Affected Software1
Packet Storm
Packet Storm
added 2015/01/14 12:0 a.m.37 views

Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection

Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection Overview Sierra Wireless produces a mobile wi-fi hotspot device that is popular amongst telecommunication companies for re-branding to suit local markets. The AirCard 760S/762S/763S Web-based Administrative Console suffers from ...

0.3AI score
Exploits0
Prion
Prion
added 2015/01/08 3:59 p.m.14 views

Authentication flaw

VDG Security SENSE formerly DIVA before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : colon character in the Authorization HTTP header...

6.4CVSS7.3AI score0.0239EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder