Lucene search
K

49 matches found

CVE
CVE
added 2019/10/15 8:49 p.m.58 views

CVE-2019-17601

CVE-2019-17601 affects MiniShare 1.4.1 and is due to a stack-based buffer overflow triggered by an HTTP CONNECT request, allowing arbitrary code execution. The vulnerability is identified across multiple records (NVD, Red Hat, CVE lists) and is described as a stack-based overflow in MiniShare 1.4...

9.8CVSS9.6AI score0.028EPSS
Exploits1References1Affected Software1
Kitploit
Kitploit
added 2017/09/07 9:0 p.m.25 views

XFLTReaT - Tunnelling Framework

This is just one thing of many things that was missing from the Internet. If you got tired of trying several tunnelling tools for each protocols, this must be your tool framework. Available modules TCP UDP ICMP SOCKS v4, 4a, 5 HTTP CONNECT DNS A/CNAME, PRIVATE, NULL - Proof of Concept Available...

7.3AI score
Exploits0References1
Debian CVE
Debian CVE
added 2017/03/24 3:0 p.m.47 views

CVE-2016-10130

The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...

5.9CVSS7.4AI score0.0171EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/08/26 12:0 a.m.11 views

Proxy HTTP CONNECT Detection

Binary data 9535.prm...

7.3AI score
Exploits0
CERT
CERT
added 2016/08/15 12:0 a.m.198 views

HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected

Overview HTTP CONNECT requests and 407 Proxy Authentication Required messages are not integrity protected and are susceptible to man-in-the-middle attacks. WebKit-based applications are additionally vulnerable to arbitrary HTML markup and JavaScript execution in the context of the originally...

8AI score
Exploits0References2
Prion
Prion
added 2015/09/18 10:59 a.m.26 views

Code injection

The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...

5CVSS6.1AI score0.01698EPSS
Exploits0References8Affected Software3
Cvelist
Cvelist
added 2015/09/18 10:0 a.m.26 views

CVE-2015-5841

The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...

5.7AI score0.01698EPSS
Exploits0References8
CVE
CVE
added 2015/09/18 10:0 a.m.75 views

CVE-2015-5841

CVE-2015-5841 concerns the CFNetwork Proxies component on macOS/iOS. Root cause: improper handling of a Set-Cookie header in HTTP CONNECT responses, enabling a remote proxy to inject cookies via a crafted response. Public references in Apple advisories show mitigation by removing the Set-Cookie h...

5CVSS5.7AI score0.01698EPSS
Exploits0References8Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

WebWasher Classic 2.2/2.3 HTTP CONNECT Unauthorized Access

No description provided by source. source: http://www.securityfocus.com/bid/12394/info It is reported that WebWasher Classic is prone to a weakness that may allow remote attackers to connect to arbitrary ports on a vulnerable computer. This weakness may be combined with other attacks to exploit...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Astaro Security Linux 6.0 01 HTTP CONNECT Unauthorized Access Weakness

No description provided by source. source: http://www.securityfocus.com/bid/14665/info Astaro Security Linux is prone to a weakness that may allow remote attackers to connect to arbitrary ports on a vulnerable computer. This weakness may be combined with other attacks to exploit latent...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.34 views

Oracle Linux 6 : stunnel (ELSA-2013-0714)

The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2013-0714 advisory. 4.29-3 Resolves: CVE-2013-1762 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

6.6CVSS8.2AI score0.02932EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2013/04/15 12:0 a.m.28 views

CentOS Update for stunnel CESA-2013:0714 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.6CVSS8.5AI score0.02932EPSS
Exploits0References2
NVD
NVD
added 2009/06/15 7:30 p.m.25 views

CVE-2009-2062

Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site...

6.8CVSS6.5AI score0.00999EPSS
Exploits1References4
Prion
Prion
added 2009/06/15 7:30 p.m.20 views

Design/Logic Flaw

Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site...

6.8CVSS7.3AI score0.01415EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2009/06/15 7:0 p.m.33 views

CVE-2009-2060

src/net/http/httptransactionwinhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a 1 4xx or 2 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this...

6.6AI score0.01097EPSS
Exploits0References9
CVE
CVE
added 2009/06/15 7:0 p.m.65 views

CVE-2009-2061

CVE-2009-2061 affects Mozilla Firefox prior to 3.0.10. The vulnerability allows a man-in-the-middle to modify the 3xx HTTP CONNECT response before SSL handshake, enabling a 302 redirect to an arbitrary HTTPS site and potential arbitrary script execution in the context of an HTTPS page. The issue ...

9.3CVSS7.5AI score0.01234EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2009/06/15 7:0 p.m.30 views

CVE-2009-2062

Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site...

6.5AI score0.00999EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2009/02/13 12:0 a.m.33 views

Safari < 3.2.2 Multiple Vulnerabilities

The version of Safari installed on the remote Windows host is earlier than 3.2.2. Such versions reportedly have multiple security vulnerabilities : - Input validation issues in their handling of 'feed:' URLs, which could be abused to execute arbitrary JavaScript code in the local security zone. -...

10CVSS6.1AI score0.03204EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2008/10/22 12:0 a.m.29 views

HTTP CONNECT Proxy Detection

The remote service supports the HTTP CONNECT method for tunneling connections through an HTTP connection. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid34473; scriptversion"1.10";...

5.5AI score
Exploits0
Cvelist
Cvelist
added 2007/02/06 7:0 p.m.24 views

CVE-2007-0796

Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption...

8AI score0.12643EPSS
Exploits1References7
Rows per page
Query Builder