Lucene search
K

313 matches found

Debian CVE
Debian CVE
added 2009/07/07 11:0 p.m.48 views

CVE-2009-2352

Removed by vendor...

4.3CVSS9.6AI score0.02046EPSS
Exploits1
Prion
Prion
added 2009/04/22 6:30 p.m.26 views

Cross site scripting

Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header or 2 specifying the content of a Refresh header. NOTE...

4.3CVSS5.8AI score0.05565EPSS
Exploits0References26Affected Software1
Cvelist
Cvelist
added 2009/04/22 6:0 p.m.25 views

CVE-2009-1312

Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header or 2 specifying the content of a Refresh header. NOTE...

8.6AI score0.05565EPSS
Exploits0References26
OSV
OSV
added 2008/01/25 1:0 a.m.7 views

CVE-2008-0455

Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...

4.9AI score
Exploits0References30
Prion
Prion
added 2007/04/24 5:19 p.m.14 views

Race condition

Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for...

5CVSS7.4AI score0.01218EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2007/04/24 5:19 p.m.15 views

CVE-2007-2197

Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for...

5CVSS6.8AI score0.01218EPSS
Exploits0References4
OSV
OSV
added 2005/09/08 10:3 a.m.4 views

DEBIAN-CVE-2005-2860

Cross-site scripting XSS vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report...

4.3CVSS6AI score0.01298EPSS
Exploits1References1
NVD
NVD
added 2005/04/27 4:0 a.m.24 views

CVE-2004-1488

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code...

5CVSS7AI score0.11919EPSS
Exploits1References10
UbuntuCve
UbuntuCve
added 2005/04/27 4:0 a.m.26 views

CVE-2004-1488

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code...

5CVSS6.2AI score0.11919EPSS
Exploits1References2
OSV
OSV
added 2005/04/27 4:0 a.m.2 views

DEBIAN-CVE-2004-1488

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code...

5CVSS7.6AI score0.11919EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2005/02/11 1:49 p.m.37 views

Important: Red Hat Security Advisory: squid security update

An updated Squid package that fixes several security issues is now available. Squid is a full-featured Web proxy cache. A buffer overflow flaw was found in the Gopher relay parser. This bug could allow a remote Gopher server to crash the Squid proxy that reads data from it. Although Gopher server...

7.5CVSS6.3AI score0.69661EPSS
Exploits2References9
FreeBSD
FreeBSD
added 2005/01/24 12:0 a.m.34 views

squid -- possible cache-poisoning via malformed HTTP responses

The squid patches page notes: This patch makes Squid considerably stricter while parsing the HTTP protocol. A Content-length header should only appear once in a valid request or response. Multiple Content-length headers, in conjunction with specially crafted requests, may allow Squid's cache to b...

5CVSS6.4AI score0.50775EPSS
Exploits0References1
NVD
NVD
added 2005/01/10 5:0 a.m.13 views

CVE-2004-1303

Buffer overflow in the get function in get.c for Yanf 0.4 allows remote malicious web servers to execute arbitrary code via crafted HTTP responses...

10CVSS7.9AI score0.06201EPSS
Exploits1References2
Rows per page
Query Builder