232 matches found

RedHat Linux
added 2015/04/16 8:33 a.m. | 3 views

chromium-browser: HSTS bypass in WebSockets

The URLRequest::GetHSTSRedirect function in urlrequest/urlrequest.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...

CVSS 5 | AI score 7.4 | EPSS 0.01445
Exploits 0 | References 5

Packet Storm
added 2015/02/11 12:0 a.m. | 26 views

LG DVR LE6016D File Disclosure

Title: LG DVR LE6016D - Remote File Disclosure Vulnerability 0day; CVE-ID: none; Product: LG; Affected: All versions; Impact: Critical; Remote: Yes; Product link:...

AI score 7.4
Exploits 0

Tenable Nessus
added 2015/02/02 12:0 a.m. | 43 views

SuSE 11.3 Security Update : curl (SAT Patch Number 10166)

This update fixes the following security issues: - URL request injection (bnc911363) When libcurl sends a request to a server via an HTTP proxy, it copies the entire URL into the request and sends it off. (CVE-2014-8150) If the given URL contains line feeds and carriage returns those will be sent alo...

CVSS 5 | AI score 7.5 | EPSS 0.07432
Exploits 0 | References 13

ArchLinux
added 2015/01/18 12:0 a.m. | 144 views

curl: url request injection

When libcurl sends a request to a server via an HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected...

CVSS 4.3 | AI score 1 | EPSS 0.0681
Exploits 0 | References 3

Tenable Nessus
added 2015/01/12 12:0 a.m. | 45 views

FreeBSD : cURL -- URL request injection vulnerability (caa98ffd-0a92-40d0-b234-fd79b429157e)

cURL reports: When libcurl sends a request to a server via an HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP...

CVSS 4.3 | AI score 7.5 | EPSS 0.0681
Exploits 0 | References 3

OSV
added 2015/01/08 8:0 a.m. | 8 views

CURL-CVE-2014-8150 URL request injection

When libcurl sends a request to a server via an HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns those are sent along to the proxy too, which allows the program to for example send a separate HTTP request injected...

CVSS 4.3 | AI score 7 | EPSS 0.0681
Exploits 0

Hacker One
added 2014/12/25 12:0 a.m. | 57 views

Internet Bug Bounty: libcurl: URL request injection

libcurl: URL request injection CVE-2014-8150...

CVSS 4.3 | AI score 9.3 | EPSS 0.0681
Exploits 0

FreeBSD
added 2014/12/25 12:0 a.m. | 37 views

cURL -- URL request injection vulnerability

cURL reports: When libcurl sends a request to a server via an HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP...

CVSS 4.3 | AI score 8.9 | EPSS 0.0681
Exploits 0 | References 1

NVD
added 2014/11/05 11:55 a.m. | 10 views

CVE-2014-2373

The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript...

CVSS 7.5 | AI score 7 | EPSS 0.01802
Exploits 0 | References 3

seebug.org
added 2014/07/01 12:0 a.m. | 17 views

12Planet Chat Server 2.5 Error Message Installation Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7355/info When certain malformed URL requests are sent to a 12Planet Chat Server, the server's installation path may be revealed in the returned error message. This information could be used by a remote attacker to launch...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

HP JetAdmin 6.0 Printing DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1246/info By default JetAdmin Web Interface Server listens on port 8000. If a malformed URL request is sent to port 8000 this will cause the server services to stop responding. The service must be stopped and restarted to...

AI score 7.1
Exploits 0

Cisco
added 2014/06/20 2:59 p.m. | 24 views

Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability

A vulnerability in the XML programmatic interface (XML PI) of Cisco WebEx Meeting Server could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to disclosure of the meeting information. An attacker could exploit this vulnerability by sending a crafte...

CVSS 4 | AI score 6.3 | EPSS 0.01299
Exploits 0 | References 1

NVD
added 2013/07/10 10:55 a.m. | 16 views

CVE-2013-2870

Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request...

CVSS 9.3 | AI score 7.1 | EPSS 0.02333
Exploits 0 | References 7

UbuntuCve
added 2013/07/10 10:55 a.m. | 22 views

CVE-2013-2870

Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request...

CVSS 9.3 | AI score 6.2 | EPSS 0.02333
Exploits 0 | References 6

Cvelist
added 2013/07/10 10:0 a.m. | 22 views

CVE-2013-2870

Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request...

AI score 7 | EPSS 0.02333
Exploits 0 | References 7

CVE
added 2013/07/10 10:0 a.m. | 74 views

CVE-2013-2870

CVE-2013-2870 is a use-after-free vulnerability in Chromium/Google Chrome prior to 28.0.1500.71 that allows a remote attacker to execute arbitrary code via crafted response traffic after a URL request. Multiple connected documents confirm the issue as a network-socket related use-after-free, with...

CVSS 9.3 | AI score 7.2 | EPSS 0.02333
Exploits 0 | References 7 | Affected Software 1

Debian CVE
added 2013/07/10 10:0 a.m. | 21 views

CVE-2013-2870

Removed by vendor...

CVSS 9.3 | AI score 6.6 | EPSS 0.02333
Exploits 0

Metasploit
added 2011/05/11 12:18 a.m. | 11 views

SPlayer 3.7 Content-Type Buffer Overflow

This module exploits a vulnerability in SPlayer v3.7 or prior. When SPlayer requests the URL of a media file (video or audio), it is possible to gain arbitrary remote code execution due to a buffer overflow caused by an exceeding length of data as the 'Content-Type' parameter. This module requires...

AI score 0.4
Exploits 0

NVD
added 2010/06/16 8:30 p.m. | 12 views

CVE-2010-2307

Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL...

CVSS 5 | AI score 7 | EPSS 0.08604
Exploits 1 | References 5

NVD
added 2009/08/25 5:30 p.m. | 23 views

CVE-2009-2966

avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters...

CVSS 4.3 | AI score 6.6 | EPSS 0.06398
Exploits 1 | References 9