Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7636 matches found

Prion
Prionadded 2007/10/01 5:17 a.m.21 views

Cross site request forgery (csrf)

The connect method in lib/net/http.rb in the 1 Net::HTTP and 2 Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName CN field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

4.3CVSS6.2AI score0.02982EPSS
Exploits0References35Affected Software1
NVD
NVDadded 2007/10/01 5:17 a.m.21 views

CVE-2007-5162

The connect method in lib/net/http.rb in the 1 Net::HTTP and 2 Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName CN field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

4.3CVSS6.2AI score0.02982EPSS
Exploits0References35
securityvulns
securityvulnsadded 2007/10/01 12:0 a.m.53 views

Ruby Net::HTTPS library does not validate server certificate CN

iSEC Partners Security Advisory - 2007-006-RubySSL http://www.isecpartners.com -------------------------------------------- Ruby Net::HTTPS library does not validate server certificate CN Vendor: Ruby Vendor URL: http://www.ruby-lang.org Versions affected: 1.8.5, 1.8.6, Trunk Ruby Systems Affecte...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notesadded 2007/10/01 12:0 a.m.67 views

JVN#79013771 Safari allows access from HTTP to HTTPS

Safari is a default web browser installed in Mac OS X and iPhone. Safari contains a vulnerability that allows a remote attacker to access web page contents protected by SSL/TLS from an HTTP page in the same domain. Impact A remote attacker could obtain or change the web page contents protected by...

6.8CVSS7.5AI score0.03163EPSS
Exploits0
CVE
CVEadded 2007/10/01 12:0 a.m.103 views

CVE-2007-5162

CVE-2007-5162 affects Ruby 1.8.5/1.8.6: Net::HTTP and Net::HTTPS do not verify the server certificate CN against the requested domain, enabling MITM or spoofed sites. The connected MiracleLinux advisory ( AXSA-2007-63:01 ) reiterates the flaw across multiple Net modules (including Net::HTTP/Net::...

4.3CVSS6.4AI score0.02982EPSS
Exploits0References35Affected Software1
securityvulns
securityvulnsadded 2007/10/01 12:0 a.m.56 views

[EXPL] Airsensor M520 HTTPD Preauth DoS and Buffer Overflow (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

0.2AI score
Exploits0
securityvulns
securityvulnsadded 2007/10/01 12:0 a.m.32 views

Ruby Net::HTTPS library certificates validation cryptographic vulnerability

Certificate's CN field is not validated against DNS name, making it's possible to use valid certificate with wrong CN...

5CVSS2.1AI score0.07714EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessusadded 2007/09/28 12:0 a.m.2401 views

Web Server Transmits Cleartext Credentials

The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext. An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users. C Tenable Netwo...

5.5AI score
Exploits0
NVD
NVDadded 2007/09/27 10:17 p.m.18 views

CVE-2007-4671

Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages...

6.8CVSS6.2AI score0.03163EPSS
Exploits0References13
Prion
Prionadded 2007/09/27 10:17 p.m.21 views

Code injection

Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages...

6.8CVSS6.4AI score0.03163EPSS
Exploits0References13Affected Software1
Cvelist
Cvelistadded 2007/09/27 10:0 p.m.29 views

CVE-2007-4671

Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages...

7.1AI score0.03163EPSS
Exploits0References13
CVE
CVEadded 2007/09/27 10:0 p.m.57 views

CVE-2007-4671

The CVE-2007-4671 issue affects Safari on Mac OS X (10.4–10.4.10) and Windows, plus iPhone 1.1.1. A crafted HTTP page can cause Javascript to affect HTTPS content from the same domain, enabling an attacker to alter or access HTTPS-protected pages. Root cause is a cross-page/script interaction bet...

6.8CVSS7.1AI score0.03163EPSS
Exploits0References13Affected Software1
Positive Technologies
Positive Technologiesadded 2007/09/27 12:0 a.m.3 views

PT-2007-5829 · Apple · Iphone +2

Name of the Vulnerable Software and Affected Versions: Safari versions prior to 3.0.4 on Windows and Mac OS X Safari in Apple iPhone version 1.1.1 Description: The issue allows remote attackers to alter or access HTTPS content via an HTTP session with a crafted web page that causes Javascript to ...

6.8CVSS6AI score0.03163EPSS
Exploits0References14
RubySec
RubySecadded 2007/09/27 12:0 a.m.25 views

Ruby Net::HTTPS library does not validate server certificate CN

The connect method in lib/net/http.rb in the 1 Net::HTTP and 2 Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName CN field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

4.3CVSS3.3AI score0.02982EPSS
Exploits0References1Affected Software1
Ubuntu
Ubuntuadded 2007/09/25 9:47 p.m.38 views

USN-519-1: elinks vulnerability

Kalle Olavi Niemitalo discovered that if elinks makes a POST request to an HTTPS URL through a proxy, information may be sent in clear-text between elinks and the proxy. Attackers with access to the network could steal sensitive information such as passwords...

4.3CVSS5.2AI score0.02586EPSS
Exploits0
NVD
NVDadded 2007/09/24 12:17 a.m.12 views

CVE-2007-5036

Multiple buffer overflows in the AirDefense Airsensor M520 with firmware 4.3.1.1 and 4.4.1.4 allow remote authenticated users to cause a denial of service HTTPS service outage via a crafted query string in an HTTPS request to 1 adLog.cgi, 2 post.cgi, or 3 ad.cgi, related to the "files filter."...

5CVSS6.5AI score0.07189EPSS
Exploits1References6
Prion
Prionadded 2007/09/24 12:17 a.m.10 views

Buffer overflow

Multiple buffer overflows in the AirDefense Airsensor M520 with firmware 4.3.1.1 and 4.4.1.4 allow remote authenticated users to cause a denial of service HTTPS service outage via a crafted query string in an HTTPS request to 1 adLog.cgi, 2 post.cgi, or 3 ad.cgi, related to the "files filter."...

5CVSS7.1AI score0.07189EPSS
Exploits1References6Affected Software1
Cvelist
Cvelistadded 2007/09/24 12:0 a.m.18 views

CVE-2007-5036

Multiple buffer overflows in the AirDefense Airsensor M520 with firmware 4.3.1.1 and 4.4.1.4 allow remote authenticated users to cause a denial of service HTTPS service outage via a crafted query string in an HTTPS request to 1 adLog.cgi, 2 post.cgi, or 3 ad.cgi, related to the "files filter."...

6.5AI score0.07189EPSS
Exploits1References6
Prion
Prionadded 2007/09/21 8:17 p.m.9 views

Design/Logic Flaw

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...

4.3CVSS6.6AI score0.02586EPSS
Exploits0References20Affected Software1
UbuntuCve
UbuntuCveadded 2007/09/21 8:17 p.m.17 views

CVE-2007-5034

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...

4.3CVSS6AI score0.02586EPSS
Exploits0References4
Rows per page
Query Builder