390 matches found
CVE-2009-0164
CVE-2009-0164 affects the CUPS web interface prior to 1.3.10, where the HTTP Host header is not validated. This enables DNS rebinding-style attacks from a remote attacker over the network (impact: partial confidentiality/integrity and partial availability as per NVD metrics; base score 6.4, MEDIU...
CUPS < 1.3.10 Multiple Vulnerabilities
According to its banner, the version of CUPS installed on the remote host is earlier than 1.3.10. Such versions are affected by several issues : - A potential integer overflow in the PNG image validation code in 'cupsImageReadPNG' could allow an attacker to crash the affected service or possibly...
Design/Logic Flaw
Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet...
CVE-2009-1211
Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet...
CVE-2009-1211
CVE-2009-1211 affects Blue Coat ProxySG when in transparent interception mode. The vulnerability arises because the appliance uses the HTTP Host header to select the remote endpoint, allowing a crafted page to cause a client to send requests with a modified Host header. This can bypass access con...
Ziproxy Security Bypass Vulnerability
This host is running Ziproxy server and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodziproxysecbypassvuln.nasl 5676 2017-03-22 16:29:37Z cfi $ Ziproxy Security Bypass Vulnerability Authors: Nikita MR Copyright: Copyright c 2009 SecPod, http://www.secpod.com Thi...
Cross site scripting
Cross-site scripting XSS vulnerability in the chooseprimaryblog function in wp-includes/wpmu-functions.php in WordPress MU WPMU before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header...
CVE-2009-1030
Technical details about CVE-2009-1030 are not provided in the attached documents. Monitor for updates from vendors and security advisories.
WordPress MU wp-includes/wpmu-functions.php模块跨站脚本漏洞
BUGTRAQ ID: 34075 WordPress MU允许在单个wordpress安装上运行多个博客。 WordPress MU的chooseprimaryblog函数没有正确地过滤Host头。以下是wp-includes/wpmu-functions.php中的有漏洞代码段: 1830 function chooseprimaryblog 1831 global $currentuser; 1832 ? 1833 table class="form-table" 1834 tr 1835 th scope="row"?php e'Primary Blog'; ?/th 1836 ...
CVE-2009-0801
Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a...
CVE-2009-0804
Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...
CVE-2009-0804
Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...
Design/Logic Flaw
Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...
Design/Logic Flaw
Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...
Design/Logic Flaw
Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a...
CVE-2009-0802
Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...
Design/Logic Flaw
SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and...
CVE-2009-0804
Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...
CVE-2009-0804
CVE-2009-0804 - Ziproxy 2.6.0 vulnerability : In transparent interception mode, Ziproxy uses the HTTP Host header to determine the remote endpoint. This allows a crafted page to cause the client to send requests with a modified Host header, bypassing access controls for Flash, Java, Silverlight, ...
CVE-2009-0802
CVE-2009-0802 affects Qbik WinGate HTTP Proxy Server. In transparent interception mode, the proxy uses the HTTP Host header to determine the remote endpoint, enabling a crafted page to force a client to send requests with a modified Host header. This can allow remote attackers to bypass access co...