Lucene search
K

361 matches found

Tenable Nessus
Tenable Nessus
added 2013/01/17 12:0 a.m.41 views

Scientific Linux Security Update : httpd on SL5.x i386/x86_64 (20130108)

Input sanitization flaws were found in the modnegotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use these flaws to conduct cross-site scripting and HTTP response splitting attacks against users...

4.3CVSS7.4AI score0.6477EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2012/12/13 12:0 a.m.25 views

Fedora 17 : perl-5.14.3-218.fc17 / perl-CGI-3.52-218.fc17 (2012-19282)

Fix CVE-2012-5526 escape new-lines in Set-Cookie and P3P HTTP response headers properly in CGI-3.52. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

5CVSS5.3AI score0.03261EPSS
Exploits0References4
Atlassian
Atlassian
added 2012/09/07 4:57 a.m.23 views

The application should return caching directives instructing browsers not to store local copies of any sensitive data.

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-29625. panel We want to control the server's caching directives from within individual scripts. We have identified following locations, wher...

0.4AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/04/02 12:0 a.m.32 views

Fedora 15 : nginx-1.0.14-1.fc15 (2012-4006)

Update to upstream release 1.0.14 to fix: malformed HTTP response headers leads to information leak. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

5CVSS5.3AI score0.10417EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2011/08/16 12:0 a.m.271 views

Oracle GlassFish HTTP Server Version

The remote host is running an Oracle GlassFish HTTP Server, a Java EE application server. It was possible to read the version number from the HTTP response headers. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid55930; scriptversion"1.13";...

5.5AI score
Exploits0References1
NVD
NVD
added 2009/08/31 4:30 p.m.26 views

CVE-2009-3017

Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, ...

4.3CVSS5.6AI score0.01062EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2009/08/31 4:30 p.m.19 views

CVE-2009-3015

QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header that contains a javascript: URI, 2...

4.3CVSS5.8AI score0.00912EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2009/03/11 12:0 a.m.30 views

GLSA-200903-23 : Adobe Flash Player: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200903-23 Adobe Flash Player: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of SystemsetClipboard allows ActionScript programs to execute the method without user...

10CVSS6.4AI score0.79426EPSS
Exploits15References18
Gentoo Linux
Gentoo Linux
added 2009/03/10 12:0 a.m.59 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of SystemsetClipboard...

10CVSS8.9AI score0.79426EPSS
Exploits15
Ubuntu
Ubuntu
added 2009/02/10 11:13 p.m.66 views

USN-717-1: Firefox and Xulrunner vulnerabilities

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2009-0352, CVE-2009-0353 A flaw was discovered in the JavaScript engine. An attacker could bypass the same-origin policy i...

10CVSS8.8AI score0.04331EPSS
Exploits0
NVD
NVD
added 2009/02/05 12:30 a.m.28 views

CVE-2008-6059

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

5CVSS6.2AI score0.01946EPSS
Exploits0References4
Cvelist
Cvelist
added 2009/02/05 12:0 a.m.29 views

CVE-2008-6059

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the 1 Set-Cookie and 2 Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly...

6.2AI score0.01946EPSS
Exploits0References4
CVE
CVE
added 2009/02/04 7:0 p.m.132 views

CVE-2009-0357

CVE-2009-0357 affects Mozilla Firefox (before 3.0.6) and SeaMonkey (before 1.1.15). The vulnerability stems from not properly restricting access from web pages to the Set-Cookie/Set-Cookie2 HTTP response headers, allowing an attacker to read cookie data via XMLHttpRequest calls and potentially ex...

5CVSS9.1AI score0.0156EPSS
Exploits0References27Affected Software2
NVD
NVD
added 2008/11/10 2:12 p.m.18 views

CVE-2008-4818

Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers...

4.3CVSS5.5AI score0.04731EPSS
Exploits0References18
UbuntuCve
UbuntuCve
added 2008/11/10 2:12 p.m.24 views

CVE-2008-4818

Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers...

4.3CVSS6AI score0.04731EPSS
Exploits0References1
Prion
Prion
added 2008/11/10 2:12 p.m.27 views

Cross site scripting

Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers...

4.3CVSS5.7AI score0.04731EPSS
Exploits0References18Affected Software1
CVE
CVE
added 2008/11/10 11:0 a.m.124 views

CVE-2008-4818

CVE-2008-4818 is an XSS in Adobe Flash Player related to how HTTP response headers are interpreted. The vulnerability affects Flash Player 9.0.124.0 and earlier. In Red Hat advisories, fixes are delivered via flash-plugin updates: RHSA-2008-0980 for older RHEL3/4/others (updating to Flash Player ...

4.3CVSS5.4AI score0.04731EPSS
Exploits0References18Affected Software1
NVD
NVD
added 2006/06/02 8:2 p.m.20 views

CVE-2006-2786

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via 1 invalid HTTP response headers with spaces...

2.6CVSS6.2AI score0.01766EPSS
Exploits0References47
Cvelist
Cvelist
added 2006/06/02 8:0 p.m.26 views

CVE-2006-2786

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via 1 invalid HTTP response headers with spaces...

6.2AI score0.01766EPSS
Exploits0References47
securityvulns
securityvulns
added 2001/12/01 12:0 a.m.74 views

Other Web Servers vulnerable to %3f.jsp directory listing

I tried posting to Bugtraq...but perhaps this is the more appropriate mailing list. Anyways here are some Response headers to servers that are vulnerable to the 3f.jsp directory listing exploit -Slow2Show- University of Florida HTTP/1.0 200 OK Date: Fri, 30 Nov 2001 03:43:27 GMT Server:...

1.5AI score
Exploits0
Rows per page
Query Builder