232 matches found
chromium-browser: HSTS bypass in WebSockets
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...
LG DVR LE6016D File Disclosure
Title: LG DVR LE6016D - Remote File Disclosure Vulnerability 0day; CVE-ID: none; Product: LG; Affected: All versions; Impact: Critical; Remote: Yes; Product link:...
SuSE 11.3 Security Update : curl (SAT Patch Number 10166)
This update fixes the following security issues: - URL request injection (bnc911363): When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends it off. (CVE-2014-8150) If the given URL contains line feeds and carriage returns those will be sent alo...
curl: url request injection
When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected...
FreeBSD : cURL -- URL request injection vulnerability (caa98ffd-0a92-40d0-b234-fd79b429157e)
cURL reports: When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP...
CURL-CVE-2014-8150 URL request injection
When libcurl sends a request to a server via an HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns those are sent along to the proxy too, which allows the program to for example send a separate HTTP request injected...
Internet Bug Bounty: libcurl: URL request injection
libcurl: URL request injection CVE-2014-8150...
cURL -- URL request injection vulnerability
cURL reports: When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP...
CVE-2014-2373
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript...
12Planet Chat Server 2.5 Error Message Installation Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7355/info When certain malformed URL requests are sent to a 12Planet Chat Server, the server's installation path may be revealed in the returned error message. This information could be used by a remote attacker to launch...
HP JetAdmin 6.0 Printing DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1246/info By default JetAdmin Web Interface Server listens on port 8000. If a malformed URL request is sent to port 8000 this will cause the server services to stop responding. The service must be stopped and restarted to...
Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability
A vulnerability in the XML programmatic interface (XML PI) of Cisco WebEx Meeting Server could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to disclosure of the meeting information. An attacker could exploit this vulnerability by sending a crafte...
CVE-2013-2870
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request...
CVE-2013-2870
CVE-2013-2870 is a use-after-free vulnerability in Chromium/Google Chrome prior to 28.0.1500.71 that allows a remote attacker to execute arbitrary code via crafted response traffic after a URL request. Multiple connected documents confirm the issue as a network-socket related use-after-free, with...
CVE-2013-2870
Removed by vendor...
SPlayer 3.7 Content-Type Buffer Overflow
This module exploits a vulnerability in SPlayer v3.7 or prior. When SPlayer requests the URL of a media file (video or audio), it is possible to gain arbitrary remote code execution due to a buffer overflow caused by an exceeding length of data as the 'Content-Type' parameter. This module requires...
CVE-2010-2307
Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL...
CVE-2009-2966
avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot (".") characters...