Lucene search
+L

142 matches found

Mageia
Mageia
added 2016/11/25 5:4 p.m.33 views

Updated lighttpd packages fix security vulnerability

Dominic Scheirlinck and Scott Geary of Vend reported an insecure behaviour in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTPPROXY environment variables. This could be used to carry out Man in the Middle Attacks MIDM or create connections to...

0.3AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/08/15 12:0 a.m.38 views

Debian DSA-3642-1 : lighttpd - security update

Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTPPROXY environment variables, allowing remote attackers to carry out Man in the Middle MITM attacks or initiate connections ...

7AI score
Exploits0References4
OpenVAS
OpenVAS
added 2016/08/05 12:0 a.m.21 views

Debian Security Advisory DSA 3642-1 (lighttpd - security update)

Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTPPROXY environment variables, allowing remote attackers to carry out Man in the Middle MITM attacks or initiate connections ...

7.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/08/02 12:0 a.m.213 views

Apache Tomcat 'CGI Servlet' MITM Vulnerability

Apache Tomcat is prone to a man-in-the-middle MITM vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

8.1CVSS7.1AI score0.50896EPSS
Exploits0References3
CERT
CERT
added 2016/07/18 12:0 a.m.162 views

CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables

Overview Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTPPROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle MITM attacks on internal subrequests or to direct the server to initiate connection...

7.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2016/04/11 12:0 a.m.11 views

PT-2016-3676 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions 1.8.0 through 1.8.3 Foreman versions 1.9.0 through 1.9.0 Description: The issue allows remote authenticated users with the view reports permission to read reports from arbitrary hosts or remote authenticated users with the...

6CVSS4.2AI score0.01164EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2015/10/30 9:58 a.m.10 views

CVE-1999-0523

ICMP echo ping is allowed from arbitrary hosts...

7.3AI score0.01327EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2015/10/30 9:58 a.m.157 views

CVE-1999-0524

ICMP information such as 1 netmask and 2 timestamp is allowed from arbitrary hosts...

2.1CVSS7.1AI score0.31586EPSS
Exploits2References2
securityvulns
securityvulns
added 2014/07/21 12:0 a.m.24 views

DoS via fail2ban

Invalid logs parsing allows to ban arbitrary hosts...

5CVSS4.7AI score0.03235EPSS
Exploits2References1Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Microsoft Crypto API X.509 Certificate Validation - Remote Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28548/info Microsoft's Crypto API library is prone to an information-disclosure vulnerability because HTTP requests to arbitrary hosts and ports may be automatically triggered when validating X.509 certificates. Successfu...

7.1AI score
Exploits0
Prion
Prion
added 2013/09/16 7:14 p.m.23 views

Cross site request forgery (csrf)

app/controllers/api/v1/hostscontroller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request...

7.5CVSS7.3AI score0.02395EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2012/09/15 10:37 a.m.17 views

CVE-2012-4001

The modpagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers...

5CVSS6.7AI score0.0068EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2012/01/18 7:21 p.m.3 views

mod_cluster: malicious worker nodes can register on any vhost

modcluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from ...

7.5CVSS6AI score0.03197EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/04/08 11:28 p.m.6 views

Flash plugin DNS rebinding

The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash SWF movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML...

5CVSS5.9AI score0.06153EPSS
Exploits1References4
exploitpack
exploitpack
added 2008/03/31 12:0 a.m.15 views

Microsoft Crypto API X.509 Certificate Validation - Remote Information Disclosure

Microsoft Crypto API X.509 Certificate Validation - Remote Information Disclosure source: https://www.securityfocus.com/bid/28548/info Microsoft's Crypto API library is prone to an information-disclosure vulnerability because HTTP requests to arbitrary hosts and ports may be automatically trigger...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2008/03/31 12:0 a.m.25 views

Microsoft Crypto API X.509 Certificate Validation - Remote Information Disclosure

source: https://www.securityfocus.com/bid/28548/info Microsoft's Crypto API library is prone to an information-disclosure vulnerability because HTTP requests to arbitrary hosts and ports may be automatically triggered when validating X.509 certificates. Successful exploits allow attackers to...

7.4AI score
Exploits0
Prion
Prion
added 2007/12/20 8:46 p.m.19 views

Code injection

Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter...

5.5CVSS6.9AI score0.02192EPSS
Exploits1References7Affected Software1
RedHat Linux
RedHat Linux
added 2007/12/18 11:52 p.m.8 views

Flash plugin DNS rebinding

The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash SWF movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML...

5CVSS6AI score0.06153EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2007/10/15 12:0 a.m.21 views

GLSA-200710-14 : DenyHosts: Denial of Service

The remote host is affected by the vulnerability described in GLSA-200710-14 DenyHosts: Denial of Service Daniel B. Cid discovered that DenyHosts used an incomplete regular expression to parse failed login attempts, a different issue than GLSA 200701-01. Impact : A remote unauthenticated attacker...

6.8CVSS5.8AI score0.01481EPSS
Exploits0References2
Cvelist
Cvelist
added 2007/10/08 11:0 p.m.33 views

CVE-2007-5275

The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash SWF movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML...

6.4AI score0.06153EPSS
Exploits1References28
Rows per page
Query Builder