Lucene search
K

84 matches found

appercut
appercut
added 2016/06/16 12:0 a.m.541 views

WooCommerce plugin for WordPress: source code security analysis report

Several vulnerabilities were discovered in WooThemes 'WooCommerce plugin for WordPress' software: File System Path Manipulation Using Global Variables Incorrect Newline Symbol Filtration in HTTP-response Headers Hardcoded Credentials...

1.6AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/01/28 12:0 a.m.12 views

The vulnerability of the Microsoft Edge browser, which allows a hacker to bypass the protection against cross-site scripting attacks

The vulnerability of Microsoft Edge is caused by errors in the processing of HTTP response headers. Exploiting this vulnerability allows a malicious actor to bypass the protection mechanisms against cross-site scripting attacks...

4.3CVSS5.2AI score0.10826EPSS
Exploits2References2
NVD
NVD
added 2014/02/14 1:10 p.m.21 views

CVE-2013-3978

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation...

5CVSS6AI score0.01173EPSS
Exploits0References2
Prion
Prion
added 2014/02/14 1:10 p.m.19 views

Design/Logic Flaw

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation...

5CVSS6.5AI score0.01173EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2013/08/20 10:0 p.m.64 views

CVE-2013-4961

CVE-2013-4961 affects Puppet Enterprise prior to 3.0.1. The vulnerability is an information disclosure where the HTTP response headers reveal version information for Apache and Phusion Passenger, allowing remote attackers to obtain sensitive details about the server stack. Publicly documented acr...

5CVSS6.4AI score0.01799EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2013/08/20 10:0 p.m.20 views

CVE-2013-4961

Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information...

5CVSS6AI score0.01799EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/04/02 12:0 a.m.32 views

Fedora 15 : nginx-1.0.14-1.fc15 (2012-4006)

Update to upstream release 1.0.14 to fix: malformed HTTP response headers leads to information leak. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

5CVSS5.3AI score0.10417EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2011/08/16 12:0 a.m.271 views

Oracle GlassFish HTTP Server Version

The remote host is running an Oracle GlassFish HTTP Server, a Java EE application server. It was possible to read the version number from the HTTP response headers. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid55930; scriptversion"1.13";...

5.5AI score
Exploits0References1
NVD
NVD
added 2009/08/31 4:30 p.m.25 views

CVE-2009-3017

Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, ...

4.3CVSS5.6AI score0.01062EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2009/08/31 4:30 p.m.18 views

CVE-2009-3015

QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header that contains a javascript: URI, 2...

4.3CVSS5.8AI score0.00912EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2009/03/11 12:0 a.m.30 views

GLSA-200903-23 : Adobe Flash Player: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200903-23 Adobe Flash Player: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of SystemsetClipboard allows ActionScript programs to execute the method without user...

10CVSS6.4AI score0.79426EPSS
Exploits15References18
Gentoo Linux
Gentoo Linux
added 2009/03/10 12:0 a.m.59 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of SystemsetClipboard...

10CVSS8.9AI score0.79426EPSS
Exploits15
Ubuntu
Ubuntu
added 2009/02/10 11:13 p.m.66 views

USN-717-1: Firefox and Xulrunner vulnerabilities

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2009-0352, CVE-2009-0353 A flaw was discovered in the JavaScript engine. An attacker could bypass the same-origin policy i...

10CVSS8.8AI score0.04331EPSS
Exploits0
NVD
NVD
added 2009/02/05 12:30 a.m.26 views

CVE-2008-6059

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

5CVSS6.2AI score0.01946EPSS
Exploits0References4
Cvelist
Cvelist
added 2009/02/05 12:0 a.m.28 views

CVE-2008-6059

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

6.2AI score0.01946EPSS
Exploits0References4
CVE
CVE
added 2009/02/04 7:0 p.m.131 views

CVE-2009-0357

CVE-2009-0357 affects Mozilla Firefox (before 3.0.6) and SeaMonkey (before 1.1.15). The vulnerability stems from not properly restricting access from web pages to the Set-Cookie/Set-Cookie2 HTTP response headers, allowing an attacker to read cookie data via XMLHttpRequest calls and potentially ex...

5CVSS9.1AI score0.0156EPSS
Exploits0References27Affected Software2
NVD
NVD
added 2008/11/10 2:12 p.m.17 views

CVE-2008-4818

Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers...

4.3CVSS5.5AI score0.04731EPSS
Exploits0References18
Prion
Prion
added 2008/11/10 2:12 p.m.26 views

Cross site scripting

Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers...

4.3CVSS5.7AI score0.04731EPSS
Exploits0References18Affected Software1
UbuntuCve
UbuntuCve
added 2008/11/10 2:12 p.m.24 views

CVE-2008-4818

Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers...

4.3CVSS6AI score0.04731EPSS
Exploits0References1
CVE
CVE
added 2008/11/10 11:0 a.m.124 views

CVE-2008-4818

CVE-2008-4818 is an XSS in Adobe Flash Player related to how HTTP response headers are interpreted. The vulnerability affects Flash Player 9.0.124.0 and earlier. In Red Hat advisories, fixes are delivered via flash-plugin updates: RHSA-2008-0980 for older RHEL3/4/others (updating to Flash Player ...

4.3CVSS5.4AI score0.04731EPSS
Exploits0References18Affected Software1
Rows per page
Query Builder