Keybase: Content Sniffing not disabled
Issue description: There was no "X-Content-Type-Options" HTTP header with the value nosniff set in the response. Without this header, certain browsers try to determine the content type and encoding of the response themselves, even when these properties are defined correctly. This can make t...
NewStatPress <= 1.0.3 - Unauthenticated Stored Cross-Site Scripting (XSS)
Insufficient validation of the HTTP "Referer" header results in a persistent XSS in the WordPress admin panel. An attacker may be able to access any cookies, session tokens or other sensitive information retained by the browser and used with that site...
Netgear Prosafe VPN Firewalls - Multiple vulnerabilities
About Encripto AS: Encripto is a Norwegian company which provides specialized services within IT security. Our core expertise is security testing, network security monitoring and training. Encripto is committed to information security. We do research to discover trends, new...
CVE-2015-4198
Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409...
Cisco Web Security Appliance Web Framework HTTP Header Injection Vulnerability
A vulnerability in the web framework of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to inject a crafted HTTP header that could introduce arbitrary code into the web interface. The vulnerability is due to insufficient validation of user input before it is used...
CVE-2015-0770
The vulnerability CVE-2015-0770 affects Cisco TelePresence TC software on the SX20 Integrator C platform, specifically TC 6.x before 6.3.4 and 7.x before 7.3.3. The root cause is improper handling of HTTP requests leading to CRLF injection and HTTP response splitting, allowing an unauthenticated, ...
IBM Watson XSS / Open Redirect
Vulnerability type: Cross-site Scripting & Redirect. Vendor: www.ibm.com. Product: IBM Watson Cloud Computing SaaS (Cognea). Product link: http://www.ibm.com/smarterplanet/us/en/ibmwatson/. Credit: Jerold Hoong. The logout.jsp page of the IBM Watson Cognea SaaS application is vulnerable to...
CVE-2014-0999
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header...
CRLF injection
CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID...
CVE-2015-0733
Cisco Headend System Release Digital Broadband Delivery System is affected by a CRLF injection vulnerability in the HTTP Header Handler, enabling remote attackers to inject arbitrary HTTP headers and perform HTTP response-splitting attacks (potentially enabling XSS). The issue, tracked as CVE-201...
Cisco Headend Digital Broadband Delivery System HTTP Response-Splitting Vulnerability
A vulnerability in the Cisco Headend Digital Broadband Delivery System could allow an unauthenticated, remote attacker to conduct HTTP response-splitting attacks. The vulnerability is due to improper sanitization of user input by the HTTP Header Handler within the affected software...
CVE-2015-4060
Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header...
CVE-2015-4059
Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header...
CVE-2015-4060
CVE-2015-4060 describes a heap-based buffer overflow in Wavelink ConnectPro TermProxy (WLTermProxyService.exe) that enables remote code execution via oversized HTTP headers. Connected CNVD/NVD records confirm the root cause as improper parsing of HTTP requests leading to heap overflow, exploitabl...