Lucene search
K

43 matches found

Tenable Nessus
Tenable Nessus
added 2020/05/15 12:0 a.m.38 views

SUSE SLES12 Security Update : squid (SUSE-SU-2020:1227-1)

This update for squid fixes the following issues : CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses bsc1169659. CVE-2020-11945: fixes a potential remote execution...

9.8CVSS6.7AI score0.27246EPSS
Exploits0References14
Check Point Advisories
Check Point Advisories
added 2020/03/26 12:0 a.m.5 views

Citrix Gateway Cache Bypass (CVE-2020-10111)

A cache bypass vulnerability exists in Citrix Gateway. Successful exploitation of this vulnerability could allow a remote attacker to gain unauthorized access to the affected system...

5CVSS4.9AI score0.0195EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/03/09 12:0 a.m.194 views

Citrix Gateway 11.1 / 12.0 / 12.1 Cache Bypass

Advisory ID: SYSS-2020-006 Product: Citrix Gateway Manufacturer: Citrix Systems, Inc. Affected Versions: 11.1, 12.0, 12.1 Tested Versions: 11.1.63.15, 12.0.63.13, 12.1.55.18 Vulnerability Type: Inconsistent Interpretation of HTTP Requests CWE-444 Risk Level: Low Solution Status: Open Manufacturer...

7.6AI score0.0195EPSS
Exploits3
myhack58
myhack58
added 2019/05/15 12:0 a.m.129 views

Used to bypass the posture formed SSRF acquiring India's biggest stock broker company AWS password credentials-vulnerability warning-the black bar safety net

Hello everyone, today share of it is the author in response to India's biggest stock broker company for security testing, by different levels of the bypassing techniques Bypass, and eventually acquired the company AWS password credentials in the process. Where to WAF bypassing, as well as further...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/05/13 12:0 a.m.42 views

Debian DSA-4441-1 : symfony - security update

Multiple vulnerabilities were discovered in the Symfony PHP framework which could lead to cache bypass, authentication bypass, information disclosure, open redirect, cross-site request forgery, deletion of arbitrary files, or arbitrary code execution. C Tenable Network Security, Inc. The...

9.8CVSS7.4AI score0.58061EPSS
Exploits1References11
Debian
Debian
added 2019/05/10 6:26 a.m.214 views

[SECURITY] [DSA 4441-1] symfony security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4441-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 10, 2019 https://www.debian.org/security/faq -...

9.8CVSS8.5AI score0.58061EPSS
Exploits1
CNVD
CNVD
added 2018/08/07 12:0 a.m.2 views

Code Execution Vulnerability in PHPMyWind v5.5

PHPMyWind is a PHP MySQL-based development , W3C-compliant building engine . A code execution vulnerability exists in PHPMyWind v5.5. The vulnerability originates from updating variables in the cache file, bypassing the filter, continue to generate custom code files, an attacker can exploit the...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2018/05/17 9:54 a.m.78 views

Nethammer—Exploiting DRAM Rowhammer Bug Through Network Requests

Last week, we reported about the first network-based remote Rowhammer attack, dubbed Throwhammer, which involves the exploitation a known vulnerability in DRAM through network cards using remote direct memory access RDMA channels. However, a separate team of security researchers has now...

2.1AI score
Exploits0
n0where
n0where
added 2017/05/31 10:45 p.m.34 views

Run HTTP Flood DDoS Attacks: Wreckuests

Stress Testing: Run HTTP Flood DDoS Attacks Wreckuests is a script, which allows you to run DDoS attacks with HTTP-floodGET/POST. It’s written in pure Python and uses proxy-servers as “bots”. This script is published for educational purposes only! Features Cache bypass with random ?abcd=efg...

7.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2014/09/16 12:0 a.m.3 views

PT-2014-2325 · Plone +1 · Plone +1

Name of the Vulnerable Software and Affected Versions: Plone versions prior to 4.2.3 Plone version 4.3 before beta 1 Description: The issue allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection. This is related to the queryCatalog.py script...

8.7CVSS6.2AI score0.02641EPSS
Exploits0References25
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Microsoft Internet Explorer 6.0 Double Slash Cache Zone Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8980/info A vulnerability has been reported in Internet Explorer that may allow cached Internet content to be rendered in the My Computer zone. It is possible to exploit this issue by including an extra slash when...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2013/08/27 12:0 a.m.27 views

JBoss Enterprise Application Platform远程EJB调用连接缓存处理验证绕过漏洞

CVE ID:CVE-2013-4213 JBOSS是一个基于J2EE的开放源代码的应用服务器 JBoss Enterprise Application Platform在通过EJB客户端API处理相关远程EJB调用连接的服务器缓存时存在一个缺陷,远程攻击者可利用EJB客户端绕过验证,以其他用户账户上下文登录,并访问数据和执行操作 0 JBoss Enterprise Application Platform 6.1.0 厂商解决方案 用户可参考如下厂商提供的安全公告获得补丁信息: http://rhn.redhat.com/errata/RHSA-2013-1151.html...

6.4CVSS0.1AI score0.02473EPSS
Exploits1
CVE
CVE
added 2009/06/15 7:0 p.m.73 views

CVE-2009-2070

CVE-2009-2070 describes a vulnerability in Opera where a proxy’s 4xx/5xx CONNECT responses trigger the browser to accept a forged certificate from the proxy in a single request, enabling a man‑in‑the‑middle attack. An attacker could then send a crafted 502 response on a subsequent request to spoo...

6.8CVSS7.1AI score0.00839EPSS
Exploits0References3Affected Software1
seebug.org
seebug.org
added 2007/07/11 12:0 a.m.22 views

Mozilla Firefox WYCIWYG:// URI绕过缓存区限制漏洞

BUGTRAQ ID: 24831 Mozilla Firefox是一款非常流行的开源WEB浏览器。 Firefox实现的wyciwyg://伪URI资源类型的访问控制存在漏洞,远程攻击者可能利用此漏洞获取Web浏览器相关的敏感信息。 wyciwyg://伪URI资源类型用于整理和引用本地所缓存的页面,但wyciwyg:// URI的访问控制并不充分,用户可通过XMLHttpRequest或IFRAMEd view-source:访问所缓存的文档。尽管仍正确地实现同域策略,但恶意站点可以绕过cookie设置向用户计算机存储任意标记;如果结合HTTP...

6.9AI score
Exploits0
Debian CVE
Debian CVE
added 2005/02/08 5:0 a.m.30 views

CVE-2005-0241

The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size...

5CVSS3.6AI score0.69661EPSS
Exploits0
Exploit DB
Exploit DB
added 2003/10/05 12:0 a.m.17 views

Microsoft Internet Explorer 6 - Double Slash Cache Zone Bypass

source: https://www.securityfocus.com/bid/8980/info A vulnerability has been reported in Internet Explorer that may allow cached Internet content to be rendered in the My Computer zone. It is possible to exploit this issue by including an extra slash when referencing cached content from within a...

7.4AI score
Exploits0
CERT
CERT
added 2000/11/16 12:0 a.m.36 views

MS ActiveMovieControl Object downloads arbitrary files

Overview Description This vulnerability is actually the same as the Cache Bypass issue described in VU38950. This document is provided for people looking for information based on publicly available exploits using the Active Movie control. The flaw is not in the Active Movie control per se, but...

7.5CVSS7AI score0.07402EPSS
Exploits0References3
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.28 views

CVE-2000-0621

Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability...

6.4AI score0.22312EPSS
Exploits0References4
CVE
CVE
added 2000/10/13 4:0 a.m.60 views

CVE-2000-0621

The CVE-2000-0621 issue affects Microsoft Outlook 98/2000 and Outlook Express 4.0x/5.0x. A malformed HTML message can cause files to be stored outside the local cache, placing them under the Local Computer Zone instead of the Internet Zone. This bypasses the intended security boundaries and can b...

7.5CVSS6.4AI score0.22312EPSS
Exploits0References4Affected Software2
CERT
CERT
added 2000/10/06 12:0 a.m.26 views

MS Outlook "Cache Bypass" allows attackers to circumvent Internet Zone security policy

Overview Microsoft has recently released Microsoft Security Bulletin MS00-046, in which they announced a patch for the "Cache Bypass" vulnerability. By exploiting this vulnerability, an attacker can use an HTML-formatted message to read certain types of files on the victim's machine. In addition,...

7.5CVSS6.5AI score0.22312EPSS
Exploits0References3
Rows per page
Query Builder