5907 matches found
Cross site request forgery (csrf)
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that...
Cross site request forgery (csrf)
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...
PYSEC-2011-10
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...
CVE-2011-0447
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that...
CVE-2011-0447
CVE-2011-0447: Ruby on Rails 2.1.x–2.3.x before 2.3.11 and 3.x before 3.0.4 fail to properly validate an X-Requested-With header in HTTP requests, enabling remote attackers to perform CSRF via forged AJAX or API requests that leverage browser plugins and redirects. Affected versions include Rails...
CVE-2011-0696
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...
HP OpenView NNM nnmRptConfig.exe schd_select1 Remote Code Execution (CVE-2011-0269)
The Network Node Manager (NNM) is an HP OpenView product which manages networks. It determines and displays physical and logical connectivity in networks, as well as information referring to protocols running over the network. A buffer overflow vulnerability has been reported in the HP OpenView...
Xerox WorkCentre Command Injection (XRX11-001)
According to its model number and software version, the remote host is a Xerox WorkCentre device that reportedly allows an unauthenticated attacker to execute arbitrary code via specially crafted HTTP requests. (C) Tenable Network Security, Inc. ...
Fedora Update for perl-CGI FEDORA-2011-0640
Check for the version of perl-CGI. OpenVAS Vulnerability Test: Fedora Update for perl-CGI FEDORA-2011-0640. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for perl-CGI FEDORA-2011-0654
Check for the version of perl-CGI. OpenVAS Vulnerability Test: Fedora Update for perl-CGI FEDORA-2011-0654. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 13 Update: perl-CGI-3.51-1.fc13
CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features include processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...
CVE-2010-4690
The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.32 does not properly authenticate HTTP requests from a Web Security Appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka B...
Mongoose Web Server 'Content-Length' HTTP Header Remote DoS Vulnerability
Mongoose Web Server is prone to a remote denial of service (DoS) vulnerability because it fails to handle specially crafted input. Copyright (C) 2011 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
Elcom CommunityManager.NET Auth Bypass Vulnerability - Security Advisory - SOS-10-004
Elcom CommunityManager.NET Auth Bypass Vulnerability - Security Advisory - SOS-10-004. Release Date: 20-Dec-2010. Last Update: -. Vendor Notification Date: 22-Jan-2010. Product: Elcom Technology's CommunityManager.NET. Platform: IIS with ASP.NET. Affected versions: v6.7 (verified) and possibly others...
Microsoft Windows ASP.NET Denial of Service Vulnerability (970957)
This host is missing a critical security update according to Microsoft Bulletin MS09-036. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6657)
The TLS/SSLv3 protocol as implemented in OpenSSL prior to this update was not able to associate data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests into an HTTPS session without being noticed. For example, Apache's mod_ssl was vulnerable to this kind of...
Basic Web Server 1.0 Denial Of Service
Software: Basic Web Server 1.0. Vulnerability: Denial Of Service. Download: http://www.bit4free.com/. Release Date: 9/16/2010. Tested On: Windows XP...
Important: Red Hat Security Advisory: tomcat5 security update
Updated tomcat5 packages that fix three security issues are now available for Red Hat Certificate System 7.3. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, a...