Stack overflow

Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager OV NNM 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header...

Buffer overflow

Buffer overflow in webappmon.exe in HP OpenView Network Node Manager OV NNM 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header...

CVE-2009-4177

Buffer overflow in webappmon.exe in HP OpenView Network Node Manager OV NNM 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header...

CVE-2009-4177

Buffer overflow in webappmon.exe in HP OpenView Network Node Manager OV NNM 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header...

WordPress RSS feed Generator self_link HTTP_HOST Cross-Site Scripting (CVE-2008-5278)

WordPress is an opensource php-based blog publishing platform. It offers several features such as multi-author editing capability, automatic formatting of text and an architecture which supports plugins to further extend its functionality. There exists a cross-site script insertion vulnerability ...

Google Chrome < 1.0.154.53 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 1.0.154.53. Such versions are reportedly affected by multiple vulnerabilities : - The browser uses the HTTP Host header to determine the context of a 4xx/5xx CONNECT response from a proxy server. This could allow a...

CVE-2009-2059

Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a 1 4xx or 2 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" atta...

CVE-2009-2058

Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a 1 4xx or 2 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack...

CVE-2009-2060

src/net/http/httptransactionwinhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a 1 4xx or 2 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this...

CVE-2009-2057

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a 1 4xx or 2 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL...

Hardcoded credentials

Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a 1 4xx or 2 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" atta...

Hardcoded credentials

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a 1 4xx or 2 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL...

CVE-2009-2057

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a 1 4xx or 2 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL...

CVE-2009-2060

Google Chrome before 1.0.154.53 is affected by an SSL/tampering flaw: the browser uses the HTTP Host header to determine the context of a 4xx/5xx CONNECT response from a proxy, enabling a man-in-the-middle to run arbitrary script in the context of a legitimate server. This is described in CVE-200...

CVE-2009-2058

Apple Safari before 3.2.2 is affected by CVE-2009-2058 where the HTTP Host header is used to determine the document context in a (1) 4xx or (2) 5xx CONNECT response from a proxy, enabling a man-in-the-middle to modify the response and execute arbitrary web scripts (SSL-tampering). Connected sourc...

CVE-2009-2059

Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a 1 4xx or 2 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" atta...

CVE-2009-2060

Removed by vendor...

Hardcoded credentials

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying...

CVE-2009-1836

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying...

CVE-2009-1836

CVE-2009-1836: The vulnerability arises from how Mozilla Firefox (pre-3.0.11), Thunderbird (pre-2.0.0.22), and SeaMonkey (pre-1.1.17) use the HTTP Host header to determine the document context in a non-200 CONNECT response from a proxy. This can enable a man-in-the-middle attacker to modify the C...