212 matches found

OpenVAS
added 2010/11/02 12:0 a.m., 79 views

Oracle Java System Web Server HTTP Response Splitting Vulnerability - Active Check

Oracle Java System Web Server is prone to an HTTP response splitting vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescripti...

CVSS 4.3, AI score 6.3, EPSS 0.04485
Exploits 0, References 4
NVD
added 2009/12/09 6:30 p.m., 47 views

CVE-2009-2508

The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previou...

CVSS 6.9, AI score 6.2, EPSS 0.01262
Exploits 1, References 3
Prion
added 2007/07/10 7:30 p.m., 22 views

Design/Logic Flaw

Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2)...

CVSS 6.8, AI score 6.3, EPSS 0.01966
Exploits 1, References 45, Affected Software 1
UbuntuCve
added 2007/07/10 7:30 p.m., 38 views

CVE-2007-3656

Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2)...

CVSS 6.8, AI score 7.2, EPSS 0.01966
Exploits 1, References 2
Cvelist
added 2007/07/10 7:0 p.m., 23 views

CVE-2007-3656

Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2)...

AI score 9.2, EPSS 0.01966
Exploits 1, References 45
securityvulns
added 2007/03/28 12:0 a.m., 154 views

Yahoo! Messenger Auth Bypass Vulnerability

This advisory is being provided to you under the policy documented at http://www.wiretrip.net/rfp/policy.html. You are encouraged to read this policy; however, in the interim, you have approximately 5 days to respond to this initial email. This policy encourages open communication, and I look...

AI score 7.1
Exploits 0
securityvulns
added 2007/03/28 12:0 a.m., 26 views

Yahoo Messenger information leak

Web mail authentication response reply with session identifier is saved in browser cache...

AI score 2
Exploits 0, References 1
securityvulns
added 2006/05/25 12:0 a.m., 44 views

Write-up by Amit Klein: "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)"

IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)
Or "Exploiting the XmlHttpRequest object in IE" part II
Amit Klein, May 2006

Preface
=======
When I published my "Exploiting the XmlHttpRequest object in IE - Referrer spoofing and a lot more..." [1] paper, I only...

AI score 0.1
Exploits 0
NVD
added 2003/08/27 4:0 a.m., 24 views

CVE-2003-0531

Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability...

CVSS 7.5, AI score 6.9, EPSS 0.26495
Exploits 0, References 7
CERT
added 2003/08/25 12:0 a.m., 26 views

Microsoft Internet Explorer does not properly evaluate Content-Type and Content-Disposition headers

Overview: A cross-domain scripting vulnerability exists in the way Microsoft Internet Explorer (IE) evaluates Content-Type and Content-Disposition headers and checks for files in the local browser cache. This vulnerability could allow a remote attacker to execute arbitrary script in a different...

CVSS 7.5, AI score 7.4, EPSS 0.26495
Exploits 0, References 8
CVE
added 2003/08/22 4:0 a.m., 64 views

CVE-2003-0531

CVE-2003-0531 maps to a vulnerability in Internet Explorer (IE) 5.01 SP3 through 6.0 SP1 where crafted Content-Type and Content-Disposition headers enable a remote attacker to access and execute script in the My Computer zone via the browser cache. The underlying flaw is IE’s handling of these he...

CVSS 7.5, AI score 7.7, EPSS 0.26495
Exploits 0, References 7, Affected Software 2
Cvelist
added 2003/08/22 4:0 a.m., 37 views

CVE-2003-0531

Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability...

AI score 7.7, EPSS 0.26495
Exploits 0, References 7