873 matches found
jenkins-2-plugin: email-ext: CSRF vulnerability in Email Extension Plugin
A flaw was found in the Jenkins Email Extension Plugin. Affected versions of the Jenkins Email Extension Plugin are vulnerable to cross-site request forgery caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker...
WordPress Easy Google Maps plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress Easy Google Maps plugin version 1.11.7 and earlier versions. The vulnerability stem...
Security Bulletin: Open Source Dependency Vulnerability
Summary: IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details: IBM X-Force ID: 239925. DESCRIPTION: Apollo GraphQL Apollo Server is vulnerable to web cache poisoning, caused by improper handling of cache-control response header. By modifying HTTP request headers, an...
GHSA-6VCF-CFJP-QXCW LavaLite vulnerable to web cache poisoning
LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning...
LavaLite vulnerable to web cache poisoning
LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning...
CVE-2023-27238
LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning...
Design/Logic Flaw
LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning...
CVE-2023-27238
CVE-2023-27238 affects LavaLite CMS v9.0.0, described in the provided documents as vulnerable to web cache poisoning. The materials do not specify the exact vulnerable component, root cause, affected configurations, or exploit details. Exploitation status is not described in the supplied document...
Security Bulletin: AIX is vulnerable to HTTP request smuggling due to Perl (CVE-2022-31081)
Summary: A vulnerability in libwww-perl could allow an attacker to poison web caches, bypass web application firewall protection, and conduct XSS attacks (CVE-2022-31081). AIX uses Perl in various operating system components. Vulnerability Details: CVEID: CVE-2022-31081. DESCRIPTION: Libwww is vulnerab...
AIX is vulnerable to HTTP request smuggling due to Perl
IBM SECURITY ADVISORY. First Issued: Wed May 3 09:23:25 CDT 2023. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/perladvisory6.asc Security Bulletin: AIX is vulnerable to HTTP request smuggling due to Perl (CVE-2022-31081)...
K16828: Apache Tomcat vulnerability CVE-2005-2090
Security Advisory Description: Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length...
Security Bulletin: A cross-site request forgery vulnerability affects the IBM FlashSystem models 840 and 900 (CVE-2015-7446)
Summary: There is a cross-site request forgery vulnerability to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow cross-site scripting attacks, Web cache poisoning, and other malicious activities. Vulnerability Details: CVEID:...
SUSE CVE-2005-0095
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCPISEEYOU cache numbers...
SUSE CVE-2005-2090
Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...
SUSE CVE-2016-5288
Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox 49.0.2...
SUSE CVE-2018-7323
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing...
SUSE CVE-2020-28473
The package bottle from 0 and before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy running with...