153 matches found
Apple macOS nsurlstoraged Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handlin...
QQQ SYSTEMS vulnerable to cross-site scripting
Overview: QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quiz.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability (CWE-79). When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on t...
MediaWiki SyntaxHighlight Extended HTML Injection Vulnerability
MediaWiki is a free, web-based wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers for the deployment of in-house knowledge management and content management systems. An HTML injection vulnerability exists in the MediaWiki SyntaxHighlight extension, which ste...
web2py Arbitrary Code Execution Vulnerability
web2py is an open source Web framework written in Python; it supports the rapid development of database-driven Web-based applications. A security vulnerability exists in the 'secureload' function of the gluon/utils.py file in versions of web2py prior to 2.14.2, which stems from the...
XSS vulnerability in phpok version 4.8.278
phpok is an enterprise website system developed by Shenzhen's technology limited company using PHP+MYSQL language. An XSS vulnerability exists in phpok version 4.8.278. The vulnerability stems from insufficient filtering of URL jump parameters, which can be exploited by attackers to obtain...
Kaltura 13.1.0 Code Execution / Cross Site Scripting Vulnerabilities
Exploit for php platform in category web applications Advisory: Kaltura - Remote Code Execution and Cross-Site Scripting Release Date: 2017/09/12 Author: Robin Verton [email protected] CVE: CVE-2017-14141, CVE-2017-14142, CVE-2017-14143 Application: Kaltura = 13.1.0 Risk: Critical Vendor Status:...
McAfee Network Data Loss Prevention Cross-Site Scripting Vulnerability (CNVD-2017-07553)
McAfee Network Data Loss Prevention is a data leakage protection solution. McAfee Network Data Loss Prevention (NDLP) suffers from a cross-site scripting vulnerability in the server implementation, which can be exploited by remote attackers to view session and cookie information by modifying HTTP...
Information disclosure
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to prob...
CVE-2016-10002
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to prob...
ALPINE-CVE-2016-10002
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to prob...
CVE-2016-10002
CVE-2016-10002 impacts Squid HTTP Proxy. The issue arises from incorrect handling of If-None-Modified responses, where connection-specific cookie data could be leaked across clients due to not removing headers when serving cached responses. Affected Squid lines include 3.1.10–3.1.23, 3.2.0.3–3.5....
Debian DLA-763-1 : squid3 security update
Saulius Lapinskas from Lithuanian State Social Insurance Fund Board discovered that Squid3, a fully featured web proxy cache, does not properly process responses to If-None-Modified HTTP conditional requests, leading to client-specific Cookie data being leaked to other clients. A remote attacker...
[SECURITY] [DSA 3745-1] squid3 security update
Debian Security Advisory DSA-3745-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 24, 2016 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3745-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2016-0423 Updated squid packages fix security vulnerabilities
Incorrect processing of responses to If-None-Modified HTTP conditional requests leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information (CVE-2016-10002). Incorrect HTTP Request header comparison...
IBM WebSphere Application Server Liberty Profile Information Disclosure Vulnerability
IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. Liberty Profile is a WAS dynamic server Liberty Profile is a...
CVE-2016-4326
The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie...
Chef Manage cookie data arbitrary code execution vulnerability
Chef is a management system that targets IT professionals and provides configuration management and automation capabilities for the entire infrastructure. Chef Manage is an enterprise-grade Chef plug-in. Chef Manage fails to properly validate user-supplied cookie data, allowing remote attackers to...