7 matches found
EUVD-2009-1705
Malware in sbrugna...
SUSE CVE-2009-1710
WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of 1 the host name, 2 security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property...
GHSA-PQW5-JMP5-PX4V parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly...
parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly...
Improper Input Validation
url-js is vulnerable to improper input validation. The vulnerability exists in parseUrl function in parseUrl.js because the inputs are not parsed properly which allows an attacker to perform host name spoofing...
nodejs: Hostname spoofing in URL parser for javascript protocol
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" e.g. "javAscript:" protoc...
CVE-2013-6422
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification CURLOPTSSLVERIFYPEER, also disables the CURLOPTSSLVERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle MITM...