Lucene search
+L

343 matches found

ATTACKERKB
ATTACKERKB
added 2006/12/04 11:28 a.m.4 views

CVE-2006-6276

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting XSS, and poison web...

6.8CVSS5.3AI score0.0361EPSS
Exploits0References9
Cvelist
Cvelist
added 2006/12/04 11:0 a.m.31 views

CVE-2006-6276

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting XSS, and poison web...

6.2AI score0.0361EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2006/06/13 12:0 a.m.29 views

MS06-029: Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)

The remote host is running a version of the Outlook Web Access that contains cross-site scripting flaws. This vulnerability could allow an attacker to convince a user to run a malicious script. If this malicious script is run, it would execute in the security context of the user. Attempts to...

2.6CVSS5.5AI score0.39173EPSS
Exploits0References2
Cvelist
Cvelist
added 2006/04/19 4:0 p.m.17 views

CVE-2006-1829

EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving 1 connection caches, 2 open password prompts, and 3 stored custom connection profiles...

6.5AI score0.01224EPSS
Exploits0References6
Prion
Prion
added 2006/03/19 11:6 a.m.16 views

Crlf injection

CRLF injection vulnerability in inc/function.php in MyBulletinBoard MyBB 1.04 allows remote attackers to conduct cross-site scripting XSS, poison caches, or hijack pages via CRLF %0A%0D sequences in the Referrer HTTP header field, possibly when redirecting to other web pages...

4.3CVSS6.8AI score0.01365EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2005/11/22 8:3 p.m.30 views

CVE-2005-3751

HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers...

4.3CVSS9.1AI score0.01472EPSS
Exploits0References8
Cvelist
Cvelist
added 2005/11/22 8:0 p.m.30 views

CVE-2005-3751

HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers...

9.1AI score0.01472EPSS
Exploits0References8
NVD
NVD
added 2005/11/18 2:2 a.m.16 views

CVE-2005-3348

HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter...

4.3CVSS6.3AI score0.01978EPSS
Exploits1References17
Debian CVE
Debian CVE
added 2005/11/18 2:0 a.m.25 views

CVE-2005-3348

HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter...

4.3CVSS6.3AI score0.01978EPSS
Exploits1
CVE
CVE
added 2005/11/18 2:0 a.m.73 views

CVE-2005-3348

CVE-2005-3348 is a HTTP Response Splitting vulnerability in phpSysInfo (2.4 and earlier) used by phpGroupWare (0.9.16 and earlier) and eGroupWare (before 1.0.0.009). Exploitation via CRLF sequences in the charset parameter can cause web content spoofing and cache poisoning. OpenVAS entries (and D...

4.3CVSS6.2AI score0.01978EPSS
Exploits1References17Affected Software1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.22 views

Vulnerability in Exchange Server 5.5 Outlook Web Access XSS (842436)

The remote host is running a version of the Outlook Web Access which contains cross site scripting flaws. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

4.3CVSS6AI score0.20982EPSS
Exploits0References2
Cvelist
Cvelist
added 2005/10/25 4:0 a.m.24 views

CVE-2004-2512

CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the PHPSESSID parameter...

6.9AI score0.04592EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2005/07/05 12:0 a.m.39 views

Fedora Core 4 : kernel-2.6.12-1.1387_FC4 (2005-510)

Wed Jun 29 2005 Dave Jones - 2.6.12.2 - Mon Jun 27 2005 Dave Jones - Disable multipath caches. 161168 - Reenable AMD756 I2C driver for x86-64. 159609 - Add more IBM r40e BIOS's to the C2/C3 blacklist. - Thu Jun 23 2005 Dave Jones - Make orinoco driver suck less. Scanning/roaming/ethtool support...

2.1CVSS5.3AI score0.00455EPSS
Exploits0References1
NVD
NVD
added 2005/06/29 4:0 a.m.20 views

CVE-2005-2060

Multiple HTTP Response Splitting vulnerabilities in 1 toggleshow.php, 2 togglecats.php, and 3 showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the Cat parameter...

5CVSS6.6AI score0.01336EPSS
Exploits0References3
Cvelist
Cvelist
added 2005/06/28 4:0 a.m.22 views

CVE-2005-2060

Multiple HTTP Response Splitting vulnerabilities in 1 toggleshow.php, 2 togglecats.php, and 3 showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the Cat parameter...

6.6AI score0.01336EPSS
Exploits0References3
NVD
NVD
added 2005/06/16 4:0 a.m.14 views

CVE-2005-1951

Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF "%0d%0a" sequences in the 1 productsid or 2 pid parameter to index.php or 3 goto parameter to banner.php...

5CVSS6.8AI score0.02342EPSS
Exploits0References5
Cvelist
Cvelist
added 2005/06/14 4:0 a.m.17 views

CVE-2005-1951

Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF "%0d%0a" sequences in the 1 productsid or 2 pid parameter to index.php or 3 goto parameter to banner.php...

6.8AI score0.02342EPSS
Exploits0References5
CVE
CVE
added 2005/06/14 4:0 a.m.55 views

CVE-2005-1951

osCommerce 2.2 Milestone 2 and earlier are affected by CVE-2005-1951 due to HTTP Response Splitting in multiple parameters (products_id, pid in index.php and goto in banner.php). The vulnerability arises from hex-encoded CRLF sequences, enabling remote attackers to spoof content and potentially p...

5CVSS6.9AI score0.02342EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2005/06/14 12:0 a.m.22 views

MS05-029: Vulnerability in Exchange Server 5.5 Outlook Web Access XSS (895179)

The remote host is running a version of the Outlook Web Access that is affected by a cross-site scripting flaw. This vulnerability could allow an attacker to convince a user to run a malicious script. If this malicious script is run, it would execute in the security context of the user. Attempts ...

4.3CVSS5.3AI score0.14217EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2005/05/13 12:0 a.m.36 views

kernel -- information disclosure when using HTT

Problem description and impact When running on processors supporting Hyper-Threading Technology, it is possible for a malicious thread to monitor the execution of another thread. Information may be disclosed to local users, allowing in many cases for privilege escalation. For example, on a...

5.6CVSS6.5AI score0.00505EPSS
Exploits0References1
Rows per page
Query Builder