7636 matches found
CVE-2007-1970
Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks...
Code injection
Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks...
CVE-2007-1970
CVE-2007-1970 involves Mozilla Firefox where dynamic HTTP elements created on HTTPS pages via a delayed document.write can mislead users and enable phishing content to be served from unauthenticated sources. The vulnerability is described with a moderate base score (CVSS v2.0 base 5.0) and relate...
A look at how foreign experts dig up Microsoft vulnerabilities - vulnerability warning - the black bar safety net
Ghost boy note: contains a w3wp-dos.c and a PDF document. I also added a download mirror to prevent the official link failure. Information source: 混世魔王 blog w3wp remote DoS due to improper reference of STA COM components in ASP.NET asp.net COM DOS EXP research Cattle below download address. And...
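Multiple Cisco firewall products remote denial-of-service vulnerabilities
Cisco PIX/ASA and the Firewall Services Module (FWSM) provide firewall services capable of stateful packet filtering and deep packet inspection. Multiple security vulnerabilities exist in Cisco PIX 500 Series Security Appliances and Cisco ASA 5500 Series Adaptive Security Appliances: Enhanced inspection of malformed HTTP traffic: If enhanced HTTP inspection is enabled, Cisco PIX and ASA security appliances may crash when inspecting malformed HTTP requests. If HTTP application inspection is enabled, the configuration will contain something similar to inspect http appfw...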
Code injection
Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the HTTPS server is enabled, allows remote attackers to cause a denial of service (device reboot) via certain HTTPS traffic...
Cross site request forgery (csrf)
Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request...
CVE-2007-0964
Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request...
CVE-2007-0966
Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the HTTPS server is enabled, allows remote attackers to cause a denial of service (device reboot) via certain HTTPS traffic...
CVE-2007-0966
The CVE-2007-0966 issue affects Cisco's Firewall Services Module (FWSM) versions 3.x prior to 3.1(3.11). When the embedded HTTPS server is enabled, crafted HTTPS traffic can trigger a remote DoS that reboots/reloads the device. Root cause is an error in handling certain HTTPS requests by the embe...
CVE-2007-0964
The vulnerability CVE-2007-0964 affects Cisco Firewall Services Module (FWSM) 3.x prior to 3.1(3.18). The root cause is an error when processing malformed HTTPS requests during authentication configured via aaa authentication match or aaa authentication include, which can allow remote attackers t...
Cisco Firewall Services Module HTTPS Traffic Temporary Denial of Service Vulnerability
Cisco Firewall Services Module versions prior to 3.1(3.11) contain a vulnerability that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to an error when the embedded HTTPS server handles certain types of requests. An...
Cisco Firewall Services Module HTTPS Request Denial of Service Vulnerability
Cisco Firewall Services Module versions prior to 3.1(3.18) contain a vulnerability that could allow an unauthenticated, remote attacker to create a temporary denial of service (DoS) condition. The vulnerability is due to an error when handling malformed HTTPS requests on devices that are configured t...
ap205-gen.txt
!/usr/bin/perl -w Advanced Poll 2.0.0 = 2.0.5-dev textfile admin session gen. 0day! KEEP IT PRIVATE 0day! date: 30/07/06 diwou PHCKSEC c 2001-2006. see templates for code execution ;. use strict; use warnings; use LWP::UserAgent; use MD5; my...
Advanced Poll 2.0.5-dev - Remote Admin Session Generator
!/usr/bin/perl -w Advanced Poll 2.0.0 = 2.0.5-dev textfile admin session gen. 0day! KEEP IT PRIVATE 0day! date: 30/07/06 diwou PHCKSEC c 2001-2006. see templates for code execution ;. use strict; use warnings; use LWP::UserAgent; use MD5; my...
FreeBSD : w3m -- format string vulnerability (9347d82d-9a66-11db-b271-000e35248ad7)
An anonymous person reports: w3m-0.5.1 crashes when using the -dump or -backend options to open a HTTPS URL with a SSL certificate where the CN contains '%n%n%n%n%n%n'. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
CVE-2006-6772
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL...