62 matches found
CVE-2018-5704
Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...
CVE-2018-5704
Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...
UBUNTU-CVE-2018-5704
Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...
CVE-2018-5704
CVE-2018-5704 affects OpenOCD 0.10.0, enabling cross‑protocol scripting via crafted web content that can trigger arbitrary command execution on the host (targeted by HTTP POST to 127.0.0.1:4444). Public advisories note a remedy: OpenOCD defaults bound to localhost and patches/upstream fixes have ...
CVE-2018-5704
Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...
CVE-2016-10517
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol but commonly occur when an attack triggers an HTTP request to the Redis TCP port. Mitigation: This issue can be mitigated by configuri...
Debian DLA-1161-1 : redis security update
It was discovered that there was a 'Cross Protocol Scripting' attack in the Redis key-value database. 'POST' and 'Host:' command strings which are not valid in the Redis protocol were not immediately rejected when an attacker makes an HTTP request to the Redis TCP port. For Debian 7 'Wheezy', this...
[SECURITY] [DLA 1161-1] redis security update
Package : redis Version : 2:2.4.14-1+deb7u2 CVE ID : CVE-2016-1051 It was discovered that there was a "Cross Protocol Scripting" attack in the Redis key-value database. "POST" and "Host:" command strings which are not valid in the Redis protocol were not immediately rejected when an attacker make...
Redis Cross Protocol Scripting Vulnerability
networking.c in Redis allows ... CPE = "cpe:/a:redis:redis"; if description...
Cross site scripting
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol but commonly occur when an attack triggers an HTTP request to the Redis TCP port...
CVE-2016-10517
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol but commonly occur when an attack triggers an HTTP request to the Redis TCP port...
UBUNTU-CVE-2016-10517
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol but commonly occur when an attack triggers an HTTP request to the Redis TCP port...
CVE-2016-10517
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol but commonly occur when an attack triggers an HTTP request to the Redis TCP port...
CVE-2016-10517
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol but commonly occur when an attack triggers an HTTP request to the Redis TCP port...
CVE-2016-10517
CVE-2016-10517 describes a Cross Protocol Scripting vulnerability in Redis prior to 3.2.7. The issue arises in networking.c where Redis does not validate HTTP-like elements (POST and Host:) in data that can arrive on the Redis TCP port, allowing an HTTP-style request to be misinterpreted as a Red...
PT-2017-4250 · Redis +1 · Redis +1
Name of the Vulnerable Software and Affected Versions: Redis versions prior to 3.2.7 Description: The issue is related to the networking.c component of the Redis database management system, which lacks a check for POST and Host: strings. This allows for "Cross Protocol Scripting" and can be...
CVE-2016-4651
Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability...
UBUNTU-CVE-2016-4651
Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability...
Microsoft Internet Explorer 6 URI Handler Restriction Circumvention Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5730/info Microsoft Windows Internet Explorer 6.0 SP1 introduced restrictions for certain URI handlers such as file:// and res://. It has been demonstrated in the past that these URI handlers could be abused and...
LEVERAGING CROSS-PROTOCOL SCRIPTING IN MSIE
The following was researched and written before I installed IE SP1. Read to the bottom to see what's changed. LEVERAGING CROSS-PROTOCOL SCRIPTING IN MSIE Introduction...