3718 matches found

NVD
added 2015/01/08 3:59 p.m. | 15 views

CVE-2014-9575

VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in the Authorization HTTP header...

CVSS 6.4 | AI score 6.8 | EPSS 0.0239
Exploits: 1 | References: 4

CVE
added 2015/01/08 3:0 p.m. | 46 views

CVE-2014-9575

CVE-2014-9575 affects VDG Security SENSE (formerly DIVA) before 2.3.15. A crafted encoded colon in the Authorization header allows remote attackers to bypass authentication and read/modify arbitrary plugin settings. Remediation: upgrade to 2.3.16 (or later) per available changelog. The reports co...

CVSS 6.4 | AI score 7 | EPSS 0.0239
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2015/01/08 3:0 p.m. | 19 views

CVE-2014-9575

VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in the Authorization HTTP header...

AI score 6.8 | EPSS 0.0239
Exploits: 1 | References: 4

Patchstack
added 2015/01/02 12:0 a.m. | 22 views

WordPress Simple Visitor Stat Plugin <= 4.5.2 BYPASS

Because of these vulnerabilities, the attackers can inject arbitrary HTML or web script via the HTTP User-Agent or HTTP Referer header. Solution: No fix has been released...

CVSS 4.3 | AI score 2.2 | EPSS 0.01633
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2014/12/16 6:59 p.m. | 16 views

Sql injection

SQL injection vulnerability in Php/Functions/logfunction.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header...

CVSS 7.5 | AI score 9 | EPSS 0.01837
Exploits: 3 | References: 2 | Affected Software: 1

NVD
added 2014/12/12 12:59 a.m. | 10 views

CVE-2014-7263

Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than CVE-2014-7261...

CVSS 4.3 | AI score 5.5 | EPSS 0.01502
Exploits: 0 | References: 3

Prion
added 2014/12/12 12:59 a.m. | 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than CVE-2014-7261...

CVSS 4.3 | AI score 5.9 | EPSS 0.01502
Exploits: 0 | References: 3

CVE
added 2014/12/12 12:0 a.m. | 45 views

CVE-2014-7263

CVE-2014-7263 : i-HTTPD (Windows) contains a flaw in processing HTTP headers that enables cross‑site scripting via a crafted header. The vulnerability allows a remote attacker to induce arbitrary script execution in a user’s browser. The JVN entry notes this is a separate issue from CVE-2014-7261...

CVSS 4.3 | AI score 5.7 | EPSS 0.01502
Exploits: 0 | References: 3 | Affected Software: 1

Japan Vulnerability Notes
added 2014/12/09 12:0 a.m. | 35 views

JVN#87910097: i-HTTPD vulnerable to cross-site scripting

i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in processing HTTP header, which may lead to cross-site scripting (CWE-79). Impact: An arbitrary script may be executed on the user's web browser. Solution: Do not use i-HTTPD. i-HTTPD is no longer being developed or maintained. It is...

CVSS 4.3 | AI score 5.9 | EPSS 0.01502
Exploits: 0

Check Point Advisories
added 2014/11/30 12:0 a.m. | 7 views

Web Server Content-Disposition Cross-Site Scripting (CVE-2016-7168)

A cross-site scripting vulnerability exists in Content-Disposition HTTP header. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

CVSS 3.5 | AI score 2.8 | EPSS 0.02842
Exploits: 0

OpenVAS
added 2014/11/28 12:0 a.m. | 48 views

Apache Tomcat Multiple Vulnerabilities (Nov 2014)

Apache Tomcat is prone to multiple vulnerabilities. Copyright (C) 2014 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 5 | AI score 8.4 | EPSS 0.2006
Exploits: 1 | References: 4

NVD
added 2014/11/20 1:55 p.m. | 19 views

CVE-2014-8998

lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch...

CVSS 6.5 | AI score 7.2 | EPSS 0.36826
Exploits: 2 | References: 4

Prion
added 2014/11/20 1:55 p.m. | 9 views

Code injection

lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch...

CVSS 6.5 | AI score 7.6 | EPSS 0.36826
Exploits: 2 | References: 4 | Affected Software: 1

Cvelist
added 2014/11/20 11:0 a.m. | 24 views

CVE-2014-8998

lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch...

AI score 7.2 | EPSS 0.36826
Exploits: 2 | References: 4

ThreatPost
added 2014/11/17 11:51 a.m. | 12 views

AT&T Drops Controversial Tracking Header

When information came out earlier this month that some mobile carriers were injecting unique identifying “supercookies” into their users’ Web traffic, privacy groups and users were angered. The practice, used by Verizon and AT&T, enables advertisers to track users’ behavior and assemble informati...

AI score 1.2
Exploits: 0 | References: 5

Tenable Nessus
added 2014/11/08 12:0 a.m. | 33 views

RHEL 5 / 6 : spacewalk-java, spacewalk-web and satellite-branding (RHSA-2014:0148)

Updated spacewalk-java, spacewalk-web, and satellite-branding packages that fix multiple security issues are now available for Red Hat Satellite 5.6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,...

CVSS 4.3 | AI score 5.8 | EPSS 0.0185
Exploits: 1 | References: 9

Tenable Nessus
added 2014/10/21 12:0 a.m. | 108 views

IBM WebSphere Application Server 7.0 < Fix Pack 35 Multiple Vulnerabilities

The remote host is running a version of IBM WebSphere Application Server 7.0 prior to Fix Pack 35. It is, therefore, affected by the following vulnerabilities : - Multiple errors exist related to the included IBM HTTP server that could allow remote code execution or denial of service...

CVSS 6.8 | AI score 7.5 | EPSS 0.85744
Exploits: 7 | References: 14

Tenable Nessus
added 2014/10/12 12:0 a.m. | 52 views

Amazon Linux AMI : httpd (ALAS-2011-1)

The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially crafted Range header...

CVSS 7.8 | AI score 7.4 | EPSS 0.98945
Exploits: 17 | References: 2

Packet Storm
added 2014/10/02 12:0 a.m. | 24 views

AllMyVisitors 0.5.0 SQL Injection

AllMyVisitors0.5.0 Blind SQL Injection Vulnerability | Author: indoushka | Vendor: http://www.php-resource.net/ | Dork: Copyright c 2004 by voice of web | SQL injection is a vulnerability that allows an attacker to alter...

AI score 0.4
Exploits: 0

Debian
added 2014/09/30 8:33 p.m. | 38 views

[SECURITY] [DLA 68-1] fex security update

Package: fex | Version: 20100208+debian1-1+squeeze4 | CVE ID: CVE-2014-3875 CVE-2014-3876 CVE-2014-3877 | CVE-2014-3875: When inserting encoded newline characters into a request to rup, additional HTTP headers can be injected into the reply, as well as new HTML code on the top of the website...

CVSS 6.1 | AI score 6.1 | EPSS 0.01914
Exploits: 5