281 matches found
Google Chrome cookie injection attack vulnerability
Google Chrome is a popular web browser. A security vulnerability exists in the Google Chrome net/http/proxyclientsocket.cc file due to failure to properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header. A remote attacker can exploit this...
UBUNTU-CVE-2015-1229
net/http/proxyclientsocket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...
chromium-browser: Cookie injection in proxies
net/http/proxyclientsocket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...
Mozilla Firefox ESR Multiple Vulnerabilities-01 (Jan 2015) - Mac OS X
Mozilla Firefox ESR is prone to multiple vulnerabilities.
Mozilla Thunderbird Multiple Vulnerabilities-01 (Jan 2015) - Mac OS X
Mozilla Thunderbird is prone to multiple vulnerabilities.
Updated firefox and thunderbird packages fixes security vulnerabilities
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2014-8634). It was found that the Beacon interface...
SeaMonkey < 2.32 Multiple Vulnerabilities
Mozilla Firefox < 35.0 Multiple Vulnerabilities
Session fixation
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session...
Mozilla Thunderbird < 31.4 Multiple Vulnerabilities
The version of Thunderbird installed on the remote Windows host is prior to 31.4. It is, therefore, affected by the following vulnerabilities: - Multiple unspecified memory safety issues exist within the browser engine. (CVE-2014-8634, CVE-2014-8635) - A flaw exists in 'navigator.sendBeacon' in...
UBUNTU-CVE-2014-8639
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session...
Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session...
MyBulletinBoard (MyBB) <= 1.2.3 - Remote Code Execution Exploit
No description provided by source. !/usr/bin/php ?php errorreportingEALL ^ ENOTICE; http://www.milw0rm.com/exploits/2012 They corrected not all a lot of SQL requests which use the ipaddress, with $db-escapestring. They don't corrected the function this is a choice ... the bad and they forgot to...
TWiki <= 4.0.4 (configure) Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl Tue Aug 1 13:18:12 CEST 2006 [email protected] use strict; use LWP::UserAgent; use LWP::Simple; use HTTP::Request; use HTTP::Response; use Getopt::Long; $| = 1; couse 1 is bigger than 0 my $proxy,$proxyuser,$proxypass; my $host,$debug,$dir,...
openSUSE Security Update : privoxy (openSUSE-2013-242)
privoxy was updated to 3.0.21 stable to fix CVE-2013-2503 (bnc#809123) - changes in 3.0.21 - On POSIX-like platforms, network sockets with file descriptor values above FD_SETSIZE are properly rejected. Previously they could cause memory corruption in configurations that allowed the limit to be reache...
Code injection
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code...
Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503
Privoxy Proxy Authentication Credential Exposure Product: Privoxy Project Homepage: privoxy.org Advisory ID: c22-2013-01 Vulnerable Versions: 3.0.20 and possibly prior Tested Version: 3.0.20-1 tested using Debian Sid Vendor Notification: March 6, 2013 Public Disclosure: March 11, 2013 Vulnerabili...
DEBIAN-CVE-2013-2503
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code...
UBUNTU-CVE-2013-2503
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code...