84 matches found
WooCommerce plugin for WordPress: source code security analysis report
Several vulnerabilities were discovered in WooThemes 'WooCommerce plugin for WordPress' software: File System Path Manipulation Using Global Variables Incorrect Newline Symbol Filtration in HTTP-response Headers Hardcoded Credentials...
The vulnerability of the Microsoft Edge browser, which allows a hacker to bypass the protection against cross-site scripting attacks
The vulnerability of Microsoft Edge is caused by errors in the processing of HTTP response headers. Exploiting this vulnerability allows a malicious actor to bypass the protection mechanisms against cross-site scripting attacks...
CVE-2013-3978
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation...
Design/Logic Flaw
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation...
CVE-2013-4961
CVE-2013-4961 affects Puppet Enterprise prior to 3.0.1. The vulnerability is an information disclosure where the HTTP response headers reveal version information for Apache and Phusion Passenger, allowing remote attackers to obtain sensitive details about the server stack. Publicly documented acr...
CVE-2013-4961
Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information...
Fedora 15 : nginx-1.0.14-1.fc15 (2012-4006)
Update to upstream release 1.0.14 to fix: malformed HTTP response headers leads to information leak. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Oracle GlassFish HTTP Server Version
The remote host is running an Oracle GlassFish HTTP Server, a Java EE application server. It was possible to read the version number from the HTTP response headers. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid55930; scriptversion"1.13";...
CVE-2009-3017
Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, ...
CVE-2009-3015
QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header that contains a javascript: URI, 2...
GLSA-200903-23 : Adobe Flash Player: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200903-23 Adobe Flash Player: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of SystemsetClipboard allows ActionScript programs to execute the method without user...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of SystemsetClipboard...
USN-717-1: Firefox and Xulrunner vulnerabilities
Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2009-0352, CVE-2009-0353 A flaw was discovered in the JavaScript engine. An attacker could bypass the same-origin policy i...
CVE-2008-6059
xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...
CVE-2008-6059
xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...
CVE-2009-0357
CVE-2009-0357 affects Mozilla Firefox (before 3.0.6) and SeaMonkey (before 1.1.15). The vulnerability stems from not properly restricting access from web pages to the Set-Cookie/Set-Cookie2 HTTP response headers, allowing an attacker to read cookie data via XMLHttpRequest calls and potentially ex...
CVE-2008-4818
Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers...
Cross site scripting
Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers...
CVE-2008-4818
Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers...
CVE-2008-4818
CVE-2008-4818 is an XSS in Adobe Flash Player related to how HTTP response headers are interpreted. The vulnerability affects Flash Player 9.0.124.0 and earlier. In Red Hat advisories, fixes are delivered via flash-plugin updates: RHSA-2008-0980 for older RHEL3/4/others (updating to Flash Player ...