Lucene search
K

30 matches found

OSV
OSV
added 2022/05/13 1:12 a.m.3 views

GHSA-VM9C-39JX-Q45W Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy...

6.9CVSS6.3AI score0.01538EPSS
Exploits1References6
Hacker One
Hacker One
added 2021/12/11 8:52 p.m.30 views

Glassdoor: Web Cache Poisoning leads to Stored XSS

@bombon reported to us a web cache poisoning issue that led to caching of gdTokenAnti-CSRF token across different Glassdoor pages and in some instances could be chained to perform XSS by caching the XSS payload. This has now been resolved using CF web cache armor and cache-control headers...

6.2AI score
Exploits0
Huntr
Huntr
added 2021/10/08 4:12 p.m.8 views

in publify/publify

Description publify does not use secure Cache-Control headers. Proof of Concept 1: Login to application 2: click on admin link https://demo-publify.herokuapp.com/admin 3: Logout 4: Press the back button of the opened tab to still see that you can view the information . Impact This issue is capabl...

Exploits0References1
Huntr
Huntr
added 2021/10/08 2:23 a.m.10 views

in bookstackapp/bookstack

Description Bookstack does not use secure Cache-Control headers. Proof of Concept 1: Login to application 2: View a shelf 3: Logout 4: Press the back button of the opened tab to still see that you can view the information about books previous page of your shelf. Impact This issue is capable of...

1.1AI score
Exploits0References1
OSV
OSV
added 2020/06/24 11:15 p.m.3 views

UBUNTU-CVE-2020-15005

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...

3.1CVSS5.8AI score0.01302EPSS
Exploits0References7
Prion
Prion
added 2015/10/14 7:59 p.m.16 views

Design/Logic Flaw

Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache...

2.1CVSS6.2AI score0.00539EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2015/10/14 7:0 p.m.24 views

CVE-2015-7368

Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache...

5.7AI score0.00539EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2010/08/04 9:30 p.m.7 views

httpd mod_cache segfault

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

5CVSS7.3AI score0.11786EPSS
Exploits0References4
OSV
OSV
added 2007/06/27 5:30 p.m.9 views

CVE-2007-1863

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

7.4AI score
Exploits0References86
OSV
OSV
added 2007/06/27 5:30 p.m.1 views

DEBIAN-CVE-2007-1863

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

5CVSS8.8AI score0.11786EPSS
Exploits0References1
Rows per page
Query Builder