WordPress Better WP Security Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wordpress Security audit betterwpsecurity 1. Cross-site scripting reflected Summary Severity: High Confidence: Certain Host: http://127.0.0.1 Path: /wp-admin/admin.php?page=betterwpsecurity Issue detail The value of the User-Agent HTTP header is copie...

Moderate: Red Hat Security Advisory: httpd security and bug fix update

An update for the Apache HTTP Server component for JBoss Enterprise Web Server 1.0.2 that fixes multiple security issues and one bug is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability...

CVE-2012-2212

McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable...

CVE-2012-2213

Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and...

Design/Logic Flaw

DISPUTED Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable...

Design/Logic Flaw

DISPUTED McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the...

CVE-2012-2213

Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and...

CVE-2012-2212

CVE-2012-2212 affects McAfee Web Gateway 7.0. The issue arises when the appliance bypasses the access configuration for the CONNECT method based on the Host header, allowing an arbitrary allowed hostname to bypass URL filtering. Public Red Hat/RedHat-like entries corroborate the behavior and note...

CVE-2012-2213

CVE-2012-2213 affects Squid 3.1.9. The issue allows remote attackers to bypass access control for the CONNECT method by supplying an arbitrary hostname in the Host HTTP header, enabling potential access to blocked sites via SSL. The core cause is host header-based ACL evaluation in the CONNECT ha...

Design/Logic Flaw

Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1, when the inboundproxies option is enabled, does not properly validate the X-Forwarded-For HTTP header, which allows remote attackers to bypass the lockout policy via a series of authentication...

CVE-2012-0475

The CVE-2012-0475 issue affects Mozilla Firefox 4.x–11.0, Thunderbird 5.0–11.0, and SeaMonkey before 2.9, caused by improper construction of Origin and Sec-WebSocket-Origin HTTP headers that could allow bypassing an IPv6 literal ACL via cross-site XMLHttpRequest or WebSocket on a nonstandard port...

Squid Proxy 'Host' HTTP标头安全限制绕过漏洞

BUGTRAQ ID: 53024 Squid是一个高效的Web缓存及代理程序，最初是为Unix平台开发的，现在也被移植到Linux和大多数的Unix类系统中，最新的Squid可以运行在Windows平台下。 Squid Proxy在过滤规则的实现上存在安全漏洞，成功攻击可允许攻击者绕过某些安全限制。 0 Squid Web Proxy Cache 3.1.19 厂商补丁： Squid ----- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.squid-cache.org import...

McAfee Web Gateway 7.1.5.x - 'Host' HTTP Header Security Bypass

source: https://www.securityfocus.com/bid/53015/info McAfee Web Gateway is prone to a security-bypass vulnerability because it fails to properly enforce filtering rules. A successful attack will allow an attacker to bypass intended security restrictions; this may aid in other attacks. McAfee Web...

Apache Traffic Server 3.0.x < 3.0.4 / 3.1.x < 3.1.3 Host HTTP Header Parsing Remote Overflow

According to its banner, the version of Apache Traffic Server running on the remote host is 3.0.x prior to 3.0.4 or 3.1.x prior to 3.1.3. It is, therefore, affected by a heap-based buffer overflow vulnerability when handling malicious HTTP host headers. A remote, unauthenticated attacker can...

at32 Reverse Proxy Multiple HTTP Header Fields DoS Vulnerability

at32 Reverse Proxy is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

nginx < 1.0.14 / 1.1.17 HTTP Header Response Memory Disclosure

The remote web server is running nginx, a lightweight, high performance web server / reverse proxy and email IMAP/POP3 proxy. According to its Server response header, the installed version of nginx is earlier than 1.0.14 or is 1.1.x before 1.1.17 and is, therefore, affected by a memory disclosure...

at32 ReverseProxy - Multiple HTTP Header Field Denial Of Service Vulnerability

Title: at32 Reverse Proxy - Multiple HTTP Header Field Denial Of Service Vulnerability Product : at32 Reverse Proxy Version : v1.060.310 Vendor: http://www.at32.com/doc/rproxy.htm Class: Boundary Condition Error CVE: Remote: Yes Local: No Published: 2012-03-14 Updated: Impact : Medium CVSS2 Base ...

at32 Reverse Proxy 1.060.310 Denial Of Service

Title: at32 Reverse Proxy - Multiple HTTP Header Field Denial Of Service Vulnerability Product : at32 Reverse Proxy Version : v1.060.310 Vendor: http://www.at32.com/doc/rproxy.htm Class: Boundary Condition Error CVE: Remote: Yes Local: No Published: 2012-03-14 Updated: Impact : Medium CVSS2 Base ...

Mozilla Thunderbird 10.x < 10.0.3 Multiple Vulnerabilities

Binary data 801370.prm...

Mozilla Thunderbird 10.x < 10.0.3 Multiple Vulnerabilities

Binary data 6352.prm...