Lucene search
K

332 matches found

RedHat Linux
RedHat Linux
added 2010/08/04 9:30 p.m.8 views

httpd mod_cache segfault

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

5CVSS7.3AI score0.11786EPSS
Exploits0References4
seebug.org
seebug.org
added 2010/07/29 12:0 a.m.20 views

MediaWiki api.php脚本信息泄露漏洞

BUGTRAQ ID: 42019 MediaWiki是著名的wiki程序,运行于PHP+MySQL环境。 MediaWiki的api.php脚本没有正确地对缓存数据强制Cache-Control头,远程攻击者可以通过公开缓存头请求保密数据,包括文章标题和内容、已删除文章的内容、用户邮件地址或watchlist等。成功攻击要求攻击者能够使用与受害用户相同的HTTP代理服务器。 MediaWiki 1.8 - 1.15.4 厂商补丁: MediaWiki --------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/02/24 12:0 a.m.33 views

Debian DSA-2002-1 : polipo - denial of service

Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3305 A malicous remote server could cause polipo to crash by sending an invalid Cache-Control heade...

10CVSS5AI score0.10066EPSS
Exploits1References7
Prion
Prion
added 2009/12/24 4:30 p.m.21 views

Cross site request forgery (csrf)

Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service crash via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in httpparse.c, and possibly other...

5CVSS6.9AI score0.10066EPSS
Exploits0References6Affected Software1
seebug.org
seebug.org
added 2009/12/24 12:0 a.m.17 views

SOFT64 PHP Whois XSS Vulnerability

No description provided by source. Exploit Title: SOFT64 PHP Whois XSS Vulnerability Date: 24/12/2009 Author: bi0 Software Link: http://blog.soft64download.com/files/ajax-whois.rar /\ == \ /\ \ /\ \ \ \ \ \ \ \ \ /\ \ \ \ \ \ \ \ // // // 01000010 01101001 01001111...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2009/09/02 12:0 a.m.42 views

Network Appliance NetCache DoS

Error on Cache-Control: prefetch processing...

2.6AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2009/07/21 12:0 a.m.34 views

openSUSE Security Update : MozillaFirefox (MozillaFirefox-509)

The Mozilla Firefox browser is updated to version 3.0.6 fixing various security and stability issues. MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these...

10CVSS8.9AI score0.04331EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2009/07/21 12:0 a.m.27 views

openSUSE Security Update : MozillaFirefox (MozillaFirefox-509)

The Mozilla Firefox browser is updated to version 3.0.6 fixing various security and stability issues. MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these...

10CVSS8.9AI score0.04331EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2009/04/23 12:0 a.m.43 views

Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-717-1)

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2009-0352, CVE-2009-0353 A flaw was discovered in the JavaScript engine. An attacker could bypass the same-origin policy i...

10CVSS8.8AI score0.04331EPSS
Exploits0References7
Ubuntu
Ubuntu
added 2009/02/10 11:13 p.m.65 views

USN-717-1: Firefox and Xulrunner vulnerabilities

Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2009-0352, CVE-2009-0353 A flaw was discovered in the JavaScript engine. An attacker could bypass the same-origin policy i...

10CVSS8.8AI score0.04331EPSS
Exploits0
securityvulns
securityvulns
added 2009/02/05 12:0 a.m.75 views

Mozilla Foundation Security Advisory 2009-06

Mozilla Foundation Security Advisory 2009-06 Title: Directives to not cache pages ignored Impact: Low Announced: February 3, 2009 Reporter: Paul Nel Products: Firefox Fixed in: Firefox 3.0.6 Description Paul Nel reported that certain HTTP directives to not cache web pages, Cache-Control: no-store...

3.3CVSS0.00521EPSS
Exploits0
NVD
NVD
added 2009/02/04 7:30 p.m.17 views

CVE-2009-0358

Mozilla Firefox 3.x before 3.0.6 does not properly implement the 1 no-store and 2 no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the a back button or b history list of the victim's browser, as demonstrated by reading the response page of an...

3.3CVSS5.5AI score0.00521EPSS
Exploits0References19
UbuntuCve
UbuntuCve
added 2009/02/04 7:30 p.m.29 views

CVE-2009-0358

Mozilla Firefox 3.x before 3.0.6 does not properly implement the 1 no-store and 2 no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the a back button or b history list of the victim's browser, as demonstrated by reading the response page of an...

3.3CVSS7.2AI score0.00521EPSS
Exploits0References2
Cvelist
Cvelist
added 2009/02/04 7:0 p.m.24 views

CVE-2009-0358

Mozilla Firefox 3.x before 3.0.6 does not properly implement the 1 no-store and 2 no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the a back button or b history list of the victim's browser, as demonstrated by reading the response page of an...

8.7AI score0.00521EPSS
Exploits0References19
RedHat Linux
RedHat Linux
added 2009/02/04 8:59 a.m.4 views

Firefox directives to not cache pages ignored

Mozilla Firefox 3.x before 3.0.6 does not properly implement the 1 no-store and 2 no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the a back button or b history list of the victim's browser, as demonstrated by reading the response page of an...

3.3CVSS7.4AI score0.00521EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2009/02/04 12:0 a.m.13 views

Mozilla Firefox 3.x < 3.0.6 Multiple Vulnerabilities

Binary data 4922.prm...

10CVSS7.3AI score0.04331EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2009/02/04 12:0 a.m.30 views

Firefox 3.0.x < 3.0.6 Multiple Vulnerabilities

The installed version of Firefox 3.0.x is earlier than 3.0.6. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that could lead to crashes with evidence of memory corruption. MFSA 2009-01 - A chrome XBL method can be...

10CVSS7.4AI score0.04331EPSS
Exploits0References13
Mozilla
Mozilla
added 2009/02/03 12:0 a.m.36 views

Directives to not cache pages ignored — Mozilla

Paul Nel reported that certain HTTP directives to not cache web pages, Cache-Control: no-store and Cache-Control: no-cache for HTTPS pages, were being ignored by Firefox 3. On a shared system, applications relying upon these HTTP directives could potentially expose private data. Another user on t...

3.3CVSS9.3AI score0.00521EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2008/05/12 7:20 p.m.13 views

Design/Logic Flaw

Unspecified versions of Microsoft Outlook Web Access OWA use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information...

1.9CVSS6.9AI score0.01545EPSS
Exploits0References3
NVD
NVD
added 2008/05/12 7:20 p.m.22 views

CVE-2008-2143

Unspecified versions of Microsoft Outlook Web Access OWA use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information...

1.9CVSS6.4AI score0.01545EPSS
Exploits0References3
Rows per page
Query Builder