Cisco CSS / ACE multiple security vulnerabilities

Certificate validation vulnerability, insufficient Web request validation...

Fedora 12 : mediawiki-1.15.3-53.fc12 (2010-6335)

This is a security and bugfix release of MediaWiki 1.15.3. Three security issues are fixed in this update: A CSS validation issue was discovered which allows editors to display external images in wiki pages. A data leakage vulnerability was discovered in thumb.php which affects wikis which restri...

CVE-2010-2651

The Cascading Style Sheets CSS implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...

CVE-2010-2629

The Cisco Content Services Switch CSS 11500 with software 8.20.4.02 and the Application Control Engine ACE 4710 with software A23.0 do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling...

Memory corruption

The Cascading Style Sheets CSS implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...

CVE-2010-2651

The Cascading Style Sheets CSS implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...

CVE-2010-2651

CVE-2010-2651 affects Google Chrome’s CSS rendering in versions before 5.0.375.99, where improper style rendering could allow remote attackers to trigger memory corruption (DoS or other impact) via unknown vectors. Documented in OpenVAS/Ubuntu USN entries and the Chrome 5.0.375.99 update (July 20...

CVE-2010-2651

Removed by vendor...

CVE-2010-1576

Mode C Vulnerability: CVE-2010-1576 affects Cisco CSS 11500 (pre-8.20.4.02) and Cisco ACE 4710 (pre-A2(3.0)); the issue is improper handling of HTTP header end-of-line sequences (LF, CR, LFCR vs CRLF), enabling header insertion bypass and HTTP request smuggling via crafted headers (e.g., ClientCe...

CVE-2010-1575

CVE-2010-1575 affects Cisco CSS 11500 (software 08.20.1.01) and Cisco ACE; root cause is weak enforcement of HTTP ClientCert-* headers during SSL termination, leaving room for an attacker to spoof client certificates and impersonate other users. Impact, as described, is potential authentication b...

CVE-2010-1575

The Cisco Content Services Switch CSS 11500 with software 08.20.1.01 conveys authentication data through ClientCert- headers but does not delete client-supplied ClientCert- headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a...

CVE-2010-2629

CVE-2010-2629 and CVE-2010-1576 describe HTTP header handling flaws in Cisco CSS 11500 and ACE 4710, enabling HTTP request smuggling via LF/CRLF header terminators and potential header spoofing of ClientCert-* fields when GET lines are CRLF-terminated and mixed newline sequences occur. The issue ...

CVE-2010-2651

The Cascading Style Sheets CSS implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...

UBUNTU-CVE-2010-2651

The Cascading Style Sheets CSS implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...

Google Chrome < 5.0.375.99 Multiple Vulnerabilities

Binary data 800949.prm...

Google Chrome < 5.0.375.99 Multiple Vulnerabilities

Binary data 5591.pasl...

Google Chrome < 5.0.375.99 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 5.0.375.99. It therefore is reportedly affected by multiple vulnerabilities : - An unspecified error allows an out-of-bounds read with WebGL. Issue 42396 - An unspecified error exists in the process of isolating sandboxed...

Multiple Cisco CSS / ACE Client Certificate And HTTP Header Manipulation Vulnerabilities

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities Release Date: 2010-07-02 Application:...

Cisco CSS Content Services Switch and ACE Application Control Engine HTTP SSL Header Spoofing Vulnerability

Cisco CSS Content Services Switch CSS, SSL Services Module SSLM, and ACE Application Control Engine ACE contain a vulnerability that could allow an authenticated, remote attacker to insert spoofed SSL headers into HTTP requests. The vulnerability exists because the affected products weakly enforc...

PenPals 1.0 SQL Injection

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : Inj3ct0r.com 0 1 + Support e-mail :...