Lucene search
+L

390 matches found

CVE
CVE
added 2009/04/24 3:0 p.m.93 views

CVE-2009-0164

CVE-2009-0164 affects the CUPS web interface prior to 1.3.10, where the HTTP Host header is not validated. This enables DNS rebinding-style attacks from a remote attacker over the network (impact: partial confidentiality/integrity and partial availability as per NVD metrics; base score 6.4, MEDIU...

6.4CVSS7.2AI score0.02907EPSS
Exploits0References13Affected Software1
Tenable Nessus
Tenable Nessus
added 2009/04/17 12:0 a.m.56 views

CUPS < 1.3.10 Multiple Vulnerabilities

According to its banner, the version of CUPS installed on the remote host is earlier than 1.3.10. Such versions are affected by several issues : - A potential integer overflow in the PNG image validation code in 'cupsImageReadPNG' could allow an attacker to crash the affected service or possibly...

7.5CVSS7.4AI score0.19633EPSS
Exploits5References12
Prion
Prion
added 2009/04/01 10:30 a.m.16 views

Design/Logic Flaw

Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet...

5.8CVSS7.3AI score0.01357EPSS
Exploits0References2
Cvelist
Cvelist
added 2009/04/01 10:0 a.m.27 views

CVE-2009-1211

Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet...

6.8AI score0.01357EPSS
Exploits0References2
CVE
CVE
added 2009/04/01 10:0 a.m.57 views

CVE-2009-1211

CVE-2009-1211 affects Blue Coat ProxySG when in transparent interception mode. The vulnerability arises because the appliance uses the HTTP Host header to select the remote endpoint, allowing a crafted page to cause a client to send requests with a modified Host header. This can bypass access con...

5.8CVSS7AI score0.01357EPSS
Exploits0References2Affected Software19
OpenVAS
OpenVAS
added 2009/03/26 12:0 a.m.17 views

Ziproxy Security Bypass Vulnerability

This host is running Ziproxy server and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodziproxysecbypassvuln.nasl 5676 2017-03-22 16:29:37Z cfi $ Ziproxy Security Bypass Vulnerability Authors: Nikita MR Copyright: Copyright c 2009 SecPod, http://www.secpod.com Thi...

5.4CVSS6.4AI score0.02376EPSS
Exploits0References2
Prion
Prion
added 2009/03/20 12:30 a.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in the chooseprimaryblog function in wp-includes/wpmu-functions.php in WordPress MU WPMU before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header...

4.3CVSS6AI score0.04664EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2009/03/20 12:0 a.m.82 views

CVE-2009-1030

Technical details about CVE-2009-1030 are not provided in the attached documents. Monitor for updates from vendors and security advisories.

4.3CVSS5.5AI score0.04664EPSS
Exploits0References6Affected Software1
seebug.org
seebug.org
added 2009/03/14 12:0 a.m.22 views

WordPress MU wp-includes/wpmu-functions.php模块跨站脚本漏洞

BUGTRAQ ID: 34075 WordPress MU允许在单个wordpress安装上运行多个博客。 WordPress MU的chooseprimaryblog函数没有正确地过滤Host头。以下是wp-includes/wpmu-functions.php中的有漏洞代码段: 1830 function chooseprimaryblog 1831 global $currentuser; 1832 ? 1833 table class="form-table" 1834 tr 1835 th scope="row"?php e'Primary Blog'; ?/th 1836 ...

6.9AI score
Exploits0
NVD
NVD
added 2009/03/04 4:30 p.m.20 views

CVE-2009-0801

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a...

5.4CVSS8.5AI score0.03089EPSS
Exploits0References2
NVD
NVD
added 2009/03/04 4:30 p.m.19 views

CVE-2009-0804

Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...

5.4CVSS6.6AI score0.02376EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2009/03/04 4:30 p.m.17 views

CVE-2009-0804

Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...

5.4CVSS5.9AI score0.02376EPSS
Exploits0References1
Prion
Prion
added 2009/03/04 4:30 p.m.13 views

Design/Logic Flaw

Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...

5.4CVSS7.1AI score0.02376EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2009/03/04 4:30 p.m.27 views

Design/Logic Flaw

Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...

5.4CVSS7.3AI score0.02424EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2009/03/04 4:30 p.m.19 views

Design/Logic Flaw

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a...

5.4CVSS7.1AI score0.03089EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2009/03/04 4:30 p.m.35 views

CVE-2009-0802

Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...

5.4CVSS6.7AI score0.02424EPSS
Exploits0References2
Prion
Prion
added 2009/03/04 4:30 p.m.9 views

Design/Logic Flaw

SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and...

5.4CVSS7.3AI score0.02355EPSS
Exploits0References3Affected Software3
OSV
OSV
added 2009/03/04 4:30 p.m.6 views

CVE-2009-0804

Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...

6.5AI score
Exploits0References4
CVE
CVE
added 2009/03/04 4:0 p.m.55 views

CVE-2009-0804

CVE-2009-0804 - Ziproxy 2.6.0 vulnerability : In transparent interception mode, Ziproxy uses the HTTP Host header to determine the remote endpoint. This allows a crafted page to cause the client to send requests with a modified Host header, bypassing access controls for Flash, Java, Silverlight, ...

5.4CVSS6.7AI score0.02376EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2009/03/04 4:0 p.m.67 views

CVE-2009-0802

CVE-2009-0802 affects Qbik WinGate HTTP Proxy Server. In transparent interception mode, the proxy uses the HTTP Host header to determine the remote endpoint, enabling a crafted page to force a client to send requests with a modified Host header. This can allow remote attackers to bypass access co...

5.4CVSS7AI score0.02424EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder