161 matches found
CVE-2017-10788
The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service use-after-free and application crash or possibly have unspecified other impact by triggering 1 certain error responses from a MySQL server or 2 a loss of a network connection to a MySQL server. The...
CVE-2016-9748
IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system...
IBM B2B Advanced Communications Information Disclosure Vulnerability
IBM B2B Advanced Communication is a communication gateway product from IBM USA. An information disclosure vulnerability exists in IBM B2B Advanced Communications versions 1.0.0.2 and 1.0.0.3. An attacker can exploit the vulnerability to obtain sensitive information in error response messages with...
UBUNTU-CVE-2015-3167
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack...
CVE-2015-2206
libraries/selectlang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to...
Cross site request forgery (csrf)
libraries/selectlang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to...
RHEL 5 / 6 : httpd (RHSA-2012:0542)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0542 advisory. The Apache HTTP Server httpd is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server di...
Multiple DNS NO SUCH NAME Error Responses (CVE-2012-0006)
The Domain Name System DNS is an hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. When a DNS client needs to look up a name used in a program, it queries DNS servers to resolve the name. If the query names are...
httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...
CVE-2012-4403
theme/yuicombo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response...
Design/Logic Flaw
theme/yuicombo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response...
CVE-2012-4403
theme/yuicombo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response...
CVE-2012-4403
Moodle 2.3.x before 2.3.2 is affected by CVE-2012-4403 due to improper construction of error responses in theme/yui_combo.php for the drag‑and‑drop script. This allows an unauthenticated remote attacker to discover the installation path by requesting a nonexistent resource and reading the respons...
ASP-DEv XM Forums RC 3 SQL Injection
. \ || \ \ \ / \ /\ \ |/ \ | / \ | | / | Y Y / \ | \ \ /|| |||| / /| / / / / / Exploit Title: ASP-DEv XM Forums RC 3 Remote Post Sql Injection Vulnerability Google Dork: Intext:"Powered by ASP-DEv XM Forums RC 3" Date: 08/29/2012 Author: Crim3R Site : Http://Ajaxtm.com/ Download Link :...
httpd: cookie exposure due to error responses
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
SuSE 10 Security Update : Apache2 (ZYPP Patch Number 7972)
This update of apache fixes regressions and several security problems : - Fixed a scoreboard corruption shared mem segment by child causes crash of privileged parent invalid free during shutdown. bnc741243, CVE-2012-0031 - Fixed an issue in error responses that could expose 'httpOnly' cookies whe...
apache2: fixed various security bugs (important)
This update of apache2 fixes regressions and several security problems: bnc728876, fix graceful reload bnc741243, CVE-2012-0031: Fixed a scoreboard corruption shared mem segment by child causes crash of privileged parent invalid free during shutdown. bnc743743, CVE-2012-0053: Fixed an issue in...
Apache Httpd < 2.0.65 : error responses can expose cookies
A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified...
NTP mode 7 denial-of-service vulnerability
Overview NTP contains a vulnerability in the handling of mode 7 requests, which can result in a denial-of-service condition. Description NTP mode 7 MODEPRIVATE is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 MODECONTROL, while routine NTP time transfers use modes...
Apache Tomcat Detection (HTTP)
HTTP based detection of Apache Tomcat. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.800371";...