Lucene search
K

35 matches found

Prion
Prion
added 2015/02/21 11:59 a.m.20 views

Design/Logic Flaw

The web framework in Cisco AsyncOS on Email Security Appliance ESA, Content Security Management Appliance SMA, and Web Security Appliance WSA devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and...

4.3CVSS7.2AI score0.02157EPSS
Exploits3References5
Cvelist
Cvelist
added 2015/02/21 11:0 a.m.30 views

CVE-2015-0624

The web framework in Cisco AsyncOS on Email Security Appliance ESA, Content Security Management Appliance SMA, and Web Security Appliance WSA devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and...

6.6AI score0.02157EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2015/01/20 12:0 a.m.26 views

ALCASAR 'index.php' Crafted HTTP Header RCE

The ALCASAR network access controller hosted on the remote web server is affected by a remote code execution vulnerability due to not properly sanitizing user-supplied input to the 'host' HTTP header passed to the 'index.php' script. A remote, unauthenticated attacker can exploit this issue to...

6.8AI score
Exploits0References2
NVD
NVD
added 2014/12/12 12:59 a.m.10 views

CVE-2014-7263

Cross-site scripting XSS vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than CVE-2014-7261...

4.3CVSS5.5AI score0.01502EPSS
Exploits0References3
Prion
Prion
added 2014/12/12 12:59 a.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than CVE-2014-7261...

4.3CVSS5.9AI score0.01502EPSS
Exploits0References3
CVE
CVE
added 2014/12/12 12:0 a.m.45 views

CVE-2014-7263

CVE-2014-7263 : i-HTTPD (Windows) contains a flaw in processing HTTP headers that enables cross‑site scripting via a crafted header. The vulnerability allows a remote attacker to induce arbitrary script execution in a user’s browser. The JVN entry notes this is a separate issue from CVE-2014-7261...

4.3CVSS5.7AI score0.01502EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/11/20 11:0 a.m.25 views

CVE-2014-8998

lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the pregreplace function with the eval switch...

7.2AI score0.359EPSS
Exploits2References4
UbuntuCve
UbuntuCve
added 2014/07/20 12:0 a.m.51 views

CVE-2014-0117

The modproxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service child-process crash via a crafted HTTP Connection header...

4.3CVSS6.9AI score0.35543EPSS
Exploits2References3
NVD
NVD
added 2014/06/13 2:55 p.m.25 views

CVE-2013-3843

Stack-based buffer overflow in the mkrequestheaderprocess function in mkrequest.c in Monkey HTTP Daemon monkeyd before 1.2.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTTP header...

6.8CVSS7.9AI score0.20179EPSS
Exploits3References6
Prion
Prion
added 2014/06/13 2:55 p.m.16 views

Stack overflow

Stack-based buffer overflow in the mkrequestheaderprocess function in mkrequest.c in Monkey HTTP Daemon monkeyd before 1.2.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTTP header...

6.8CVSS8.6AI score0.20179EPSS
Exploits3References6Affected Software1
UbuntuCve
UbuntuCve
added 2014/06/13 2:55 p.m.20 views

CVE-2013-3843

Stack-based buffer overflow in the mkrequestheaderprocess function in mkrequest.c in Monkey HTTP Daemon monkeyd before 1.2.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTTP header...

6.8CVSS6.1AI score0.20179EPSS
Exploits3References7
Prion
Prion
added 2013/08/09 11:55 p.m.18 views

Design/Logic Flaw

IBM Sterling B2B Integrator 5.0 and 5.1 allows remote attackers to cause a denial of service memory and CPU consumption via a crafted HTTP 1 Range or 2 Request-Range header...

5CVSS7AI score0.02027EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2011/07/21 11:0 p.m.29 views

CVE-2011-2882

Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data...

7.9AI score0.56368EPSS
Exploits10References2
Ubuntu
Ubuntu
added 2009/11/19 6:33 a.m.85 views

USN-860-1: Apache vulnerabilities

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a machine-in-the-middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. The flaw is with TLS renegotiation and...

9.8CVSS7.5AI score0.87264EPSS
Exploits16
exploitpack
exploitpack
added 2007/02/14 12:0 a.m.13 views

Jupiter CMS 1.1.5 - Client-IP SQL Injection

Jupiter CMS 1.1.5 - Client-IP SQL Injection URL: http://www.acid-root.new.fr/advisories/12070214.txt / errorreportingEALL ^ ENOTICE; $url = 'http://localhost/jupiter/'; $xpl = new phpsploit; $xpl-agent"Mozilla"; $hev = "-1' UNION SELECT CONCAT'" ."BEGINXPLUSER'," ."SELECT username FROM users LIMI...

0.1AI score
Exploits0
Rows per page
Query Builder