Lucene search
K

298 matches found

OpenVAS
OpenVAS
added 2015/01/20 12:0 a.m.59 views

Mozilla Thunderbird Multiple Vulnerabilities-01 (Jan 2015) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

7.5CVSS9.7AI score0.03861EPSS
Exploits0References7
Mageia
Mageia
added 2015/01/17 10:31 p.m.38 views

Updated firefox and thunderbird packages fixes security vulnerabilities

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it CVE-2014-8634. It was found that the Beacon interface...

7.5CVSS9.7AI score0.04158EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2015/01/16 12:0 a.m.22 views

Mozilla Firefox < 35.0 Multiple Vulnerabilities

Binary data 8624.prm...

7.5CVSS9.8AI score0.65657EPSS
Exploits4References19
Tenable Nessus
Tenable Nessus
added 2015/01/16 12:0 a.m.30 views

SeaMonkey < 2.32 Multiple Vulnerabilities

Binary data 8626.prm...

7.5CVSS9.8AI score0.65657EPSS
Exploits4References18
Prion
Prion
added 2015/01/14 11:59 a.m.24 views

Session fixation

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

6.8CVSS6.9AI score0.01902EPSS
Exploits0References39Affected Software4
Tenable Nessus
Tenable Nessus
added 2015/01/14 12:0 a.m.30 views

Mozilla Thunderbird < 31.4 Multiple Vulnerabilities

The version of Thunderbird installed on the remote Windows host is prior to 31.4. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory safety issues exist within the browser engine. CVE-2014-8634, CVE-2014-8635 - A flaw exists in 'navigator.sendBeacon' in...

7.5CVSS7.7AI score0.04109EPSS
Exploits0References7
OSV
OSV
added 2015/01/14 12:0 a.m.3 views

UBUNTU-CVE-2014-8639

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

6.8CVSS6.9AI score0.01902EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/01/13 11:18 p.m.1 views

Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

6.8CVSS7AI score0.01902EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/01/13 9:16 p.m.1 views

Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

6.8CVSS7AI score0.01902EPSS
Exploits0References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

TWiki <= 4.0.4 (configure) Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl Tue Aug 1 13:18:12 CEST 2006 [email protected] use strict; use LWP::UserAgent; use LWP::Simple; use HTTP::Request; use HTTP::Response; use Getopt::Long; $| = 1; couse 1 is bigger than 0 my $proxy,$proxyuser,$proxypass; my $host,$debug,$dir,...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.29 views

MyBulletinBoard (MyBB) <= 1.2.3 - Remote Code Execution Exploit

No description provided by source. !/usr/bin/php ?php errorreportingEALL ^ ENOTICE; http://www.milw0rm.com/exploits/2012 They corrected not all a lot of SQL requests which use the ipaddress, with $db-escapestring. They don't corrected the function this is a choice ... the bad and they forgot to...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.30 views

openSUSE Security Update : privoxy (openSUSE-2013-242)

privoxy was updated to 3.0.21 stable fo fix CVE-2013-2503 bnc809123 - changes in 3.0.21 - On POSIX-like platforms, network sockets with file descriptor values above FDSETSIZE are properly rejected. Previously they could cause memory corruption in configurations that allowed the limit to be reache...

5.8CVSS7.1AI score0.04632EPSS
Exploits2References2
Prion
Prion
added 2014/05/23 2:55 p.m.14 views

Code injection

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code...

5CVSS7.5AI score0.05822EPSS
Exploits1References8Affected Software2
securityvulns
securityvulns
added 2013/03/13 12:0 a.m.109 views

Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503

Privoxy Proxy Authentication Credential Exposure Product: Privoxy Project Homepage: privoxy.org Advisory ID: c22-2013-01 Vulnerable Versions: 3.0.20 and possibly prior Tested Version: 3.0.20-1 tested using Debian Sid Vendor Notification: March 6, 2013 Public Disclosure: March 11, 2013 Vulnerabili...

5.8CVSS7.5AI score0.04632EPSS
Exploits2
OSV
OSV
added 2013/03/11 5:55 p.m.2 views

DEBIAN-CVE-2013-2503

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...

5.8CVSS7.1AI score0.04632EPSS
Exploits2References1
OSV
OSV
added 2013/03/11 5:55 p.m.1 views

UBUNTU-CVE-2013-2503

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...

5.8CVSS7.1AI score0.04632EPSS
Exploits2References4
exploitpack
exploitpack
added 2013/03/11 12:0 a.m.16 views

Privoxy Proxy - Authentication Information Disclosure

Privoxy Proxy - Authentication Information Disclosure source: https://www.securityfocus.com/bid/58425/info Privoxy is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to gain access to the user accounts and potentially obtain sensitive information. This...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2013/03/11 12:0 a.m.44 views

Privoxy 3.0.20-1 Credential Exposure

Privoxy Proxy Authentication Credential Exposure Product: Privoxy Project Homepage: privoxy.org Advisory ID: c22-2013-01 Vulnerable Versions: 3.0.20 and possibly prior Tested Version: 3.0.20-1 tested using Debian Sid Vendor Notification: March 6, 2013 Public Disclosure: March 11, 2013 Vulnerabili...

5.8CVSS7.5AI score0.04632EPSS
Exploits2
FreeBSD
FreeBSD
added 2013/03/07 12:0 a.m.38 views

privoxy -- malicious server spoofing as proxy vulnerability

Privoxy Developers reports: Proxy authentication headers are removed unless the new directive enable-proxy-authentication-forwarding is used. Forwarding the headers potentially allows malicious sites to trick the user into providing them with login information. Reported by Chris John Riley...

5.8CVSS6.6AI score0.04632EPSS
Exploits2References1
Ubuntu
Ubuntu
added 2013/02/25 11:54 p.m.65 views

USN-1748-1: Thunderbird vulnerabilities

Bobby Holley discovered vulnerabilities in Chrome Object Wrappers COW and System Only Wrappers SOW. If a user were tricked into opening a specially crafted page and had scripting enabled, a remote attacker could exploit this to bypass security protections to obtain sensitive information or...

9.3CVSS8.6AI score0.05364EPSS
Exploits4References1
Rows per page
Query Builder