134 matches found
Cisco Firepower System Software Security Bypass Vulnerability
Cisco Firepower System Software is a next-generation firewall product NGFW from Cisco. A security bypass vulnerability exists in the malicious file detection and blocking feature of Cisco Firepower System Software. As the program fails to properly validate fields in the HTTP header. A remote...
The vulnerability of the Moodle learning management system allows a hacker to redirect users to arbitrary websites.
The vulnerability of the cleanparam function in the Moodle learning management system’s library/moodlelib.php file is related to the use of open redirection. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary websites and carry out phishing attacks through actio...
CVE-2016-1138
CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors...
DEBIAN-CVE-2015-1779
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...
UBUNTU-CVE-2015-7208
Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers...
Piwik PHP Object Injection Vulnerability
Piwik formerly known as phpMyVisites is an open source website access statistics system based on PHP5 and MySQL. A security vulnerability exists in the 'DisplayTopKeywords' function in the plugins/Referrers/Controller.php script of Piwik versions prior to 2.15.0. A remote attacker can exploit thi...
Kaseya Virtual System Administrator Remote Code Execution Vulnerability
Kaseya Virtual System Administrator is a suite of IT system management platforms for simplifying and automating IT services. Kaseya Virtual System Administrator's json.ashx handles HTTP headers without restricting the destination file path, allowing remote attackers to submit a special request to...
pidgin: DoS when parsing certain HTTP response headers
util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service application crash via a crafted response...
UBUNTU-CVE-2012-5875
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service NULL pointer dereference via a 1 crafted Connection HTTP header; a return carriage control character in the 2 Accept Language header, 3 User-agent header, 4 Host header, or 5 protocol version; or a 6 crafted HTTP...
OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service memory consumption via crafted HTTP headers, which are not...
OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service memory consumption via crafted HTTP headers, which are not...
OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service memory consumption via crafted HTTP headers, which are not...
OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service memory consumption via crafted HTTP headers, which are not...
squid: DoS in cache updates
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service crash via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects...