httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2011:1392 Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring...
CVE-2011-3294
Cross-site scripting (XSS) vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers (VCS) with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers (VCS) with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342...
CVE-2011-3426
Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header...
CVE-2011-3426
CVE-2011-3426 is an XSS vulnerability in Safari for iOS prior to 5, caused by Safari’s handling of files with the HTTP Content-Disposition header value “attachment.” A crafted file can execute inline scripts when opened in Safari, enabling remote script execution. Public references (e.g., JVN/JVN...
CVE-2011-3426
Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header...
SQL injection
SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action...
CVE-2010-4897
SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action...
PHP 5.3.11/5.4.0RC2 - 'header()' HTTP Header Injection
source: https://www.securityfocus.com/bid/55297/info PHP is prone to a vulnerability that allows attackers to inject arbitrary headers through a URL. By inserting arbitrary headers, attackers may be able to launch cross-site request-forgery, cross-site scripting, HTML-injection, and other attacks...
Polipo 1.0.4.1 - POST/PUT HTTP Header Processing Denial of Service
source: https://www.securityfocus.com/bid/49908/info Polipo is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users. Polipo 1.0.4...
Polipo 1.0.4.1 - POST/PUT HTTP Header Processing Denial of Service
source: https://www.securityfocus.com/bid/49908/info Polipo is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users. Polipo 1.0.4.1 is vulnerable; other versions may also be affected...
Mozilla Releases Field Guide to Do Not Track
Mozilla has released a comprehensive guide to the use and implementation of the Do Not Track technology that’s included in its Firefox browser, in an effort to give developers and advertisers a better handle on how the technology works and how users are taking advantage of it. The Do Not Track...
Spring Security - HTTP Header Injection
source: https://www.securityfocus.com/bid/49535/info Spring Security is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP response,...
Spring Security - HTTP Header Injection
source: https://www.securityfocus.com/bid/49535/info Spring Security is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be able to launch various...
ManageEngine ServiceDesk Plus Multiple Stored XSS Vulnerabilities
This host is running ManageEngine ServiceDesk Plus and is prone to multiple stored cross site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmanageengineservicedeskplusmultxssvuln.nasl 7006 2017-08-25 11:51:20Z teissa $ ManageEngine ServiceDesk Plus Multiple Stored XSS...
ManageEngine ServiceDesk Plus 8.0 Cross Site Scripting
ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary: ServiceDesk Plus integrates your help desk requests and assets to help you manage your IT...
ManageEngine ServiceDesk Plus 8.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary...
ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities
Exploit for jsp platform in category web applications ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary: ServiceDesk Plus integrates your help...
rubygem-rails -- multiple vulnerabilities
SecurityFocus reports: Ruby on Rails is prone to multiple vulnerabilities including SQL-injection, information-disclosure, HTTP-header-injection, security-bypass and cross-site scripting issues...
Cross site scripting
Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header...