Lucene search
+L

631 matches found

CERT
CERT
added 2009/02/23 12:0 a.m.21 views

Intercepting proxy servers may incorrectly rely on HTTP headers to make connections

Overview Proxy servers running in interception mode "transparent" proxies that make connection decisions based on HTTP header values may be used by an attacker to relay connections. Description HTTP Host Headers are defined in RFC 2616 and are often used to by web servers to allow multiple websit...

6.9AI score
Exploits0References8
myhack58
myhack58
added 2007/11/20 12:0 a.m.24 views

EFS encryption techniques of conceptual analysis and a decryption pass-vulnerability warning-the black bar safety net

EFSEncrypting File System, Encrypting File Systemencryption is based on the NTFS disk art encryption technology. EFS encryption is based on Public Key Policies. Using EFS to encrypt a file or folder, the system will first generate a pseudo-random number consisting of a FEKFile Encryption Key file...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/04/30 12:0 a.m.29 views

GLSA-200704-17 : 3proxy: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-200704-17 3proxy: Buffer overflow The 3proxy development team reported a buffer overflow in the logurl function when processing overly long requests. Impact : A remote attacker could send a specially crafted transparent request to...

10CVSS6.4AI score0.15308EPSS
Exploits0References2
securityvulns
securityvulns
added 2007/04/17 12:0 a.m.54 views

3proxy buffer overflow

Buffer overflow on parsing transparent HTTP proxy request...

10CVSS2.5AI score0.15308EPSS
Exploits0Affected Software1
Mozilla
Mozilla
added 2007/02/23 12:0 a.m.39 views

Spoofing using custom cursor and CSS3 hotspot — Mozilla

David Eckel reported that browser UI elements--such as the host name and security indicators--could be spoofed by using a large, mostly transparent, custom cursor and adjusting the CSS3 hotspot property so that the visible part of the cursor floated outside the browser content area...

6.4CVSS3.7AI score0.01548EPSS
Exploits0References2Affected Software2
securityvulns
securityvulns
added 2006/08/15 12:0 a.m.706 views

Technical note: under some conditions, it's possible to steal HTTP credentials using Flash

Technical note: under some conditions, it's possible to steal HTTP credentials using Flash requires IE + some transparent proxies or virtual hosting The method described here is pretty simple. It works though only on HTTP not HTTPS credentials. Also, it works only when the client browses using IE...

Exploits0
myhack58
myhack58
added 2006/07/21 12:0 a.m.17 views

Governs the granting of leave true when True also false-the“real”IP security risks-vulnerability warning-the black bar safety net

Let us look at the ASP code first: Function getIP Dim strIPAddr as string If Request. ServerVariables"HTTPXFORWARDEDFOR" = "" OR InStrRequest. ServerVariables"HTTPXFORWARDEDFOR", "unknown" 0 Then strIPAddr = Request. ServerVariables"REMOTEADDR" ElseIf InStrRequest...

0.1AI score
Exploits0
myhack58
myhack58
added 2006/07/12 12:0 a.m.17 views

Governs the granting of leave true when True also false—the“real”IP brings security risks-vulnerability warning-the black bar safety net

Author: lake2, http://lake2.0x54.org Let us look at the ASP code first: | Function getIP Dim strIPAddr as string If Request. ServerVariables"HTTPXFORWARDEDFOR" = "" OR InStrRequest. ServerVariables"HTTPXFORWARDEDFOR", "unknown" 0 Then strIPAddr = Request. ServerVariables"REMOTEADDR" ElseIf...

7.6AI score
Exploits0
Prion
Prion
added 2006/05/12 12:2 a.m.13 views

Default configuration

The transparent proxy feature of the Cisco Application Velocity System AVS 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143...

6.4CVSS7.3AI score0.0154EPSS
Exploits0References7Affected Software2
NVD
NVD
added 2006/05/12 12:2 a.m.14 views

CVE-2006-2322

The transparent proxy feature of the Cisco Application Velocity System AVS 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143...

6.4CVSS6.8AI score0.0154EPSS
Exploits0References7
CVE
CVE
added 2006/05/12 12:0 a.m.52 views

CVE-2006-2322

The CVE-2006-2322 entry describes a vulnerability in Cisco Application Velocity System (AVS) where the default configuration of AVS 3110 (versions 5.0 and 4.0 and earlier) and AVS 3120 (5.0.0 and earlier) allows remote attackers to proxy arbitrary TCP connections via the transparent proxy feature...

6.4CVSS6.8AI score0.0154EPSS
Exploits0References7Affected Software2
Cvelist
Cvelist
added 2006/05/12 12:0 a.m.19 views

CVE-2006-2322

The transparent proxy feature of the Cisco Application Velocity System AVS 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143...

6.8AI score0.0154EPSS
Exploits0References7
securityvulns
securityvulns
added 2006/05/11 12:0 a.m.48 views

Cisco Application Velocity System TCP port relaying

Default configuration allows any TCP port to be accessed with transparent HTTP proxy request...

1.4AI score
Exploits0References1Affected Software2
Tenable Nessus
Tenable Nessus
added 2006/04/21 12:0 a.m.27 views

Ubuntu 4.10 / 5.04 / 5.10 : mozilla-firefox, firefox vulnerabilities (USN-271-1)

Web pages with extremely long titles caused subsequent launches of Firefox browser to hang for up to a few minutes, or caused Firefox to crash on computers with insufficient memory. CVE-2005-4134 Igor Bukanov discovered that the JavaScript engine did not properly declare some temporary variables...

10CVSS8.5AI score0.12589EPSS
Exploits3References22
NVD
NVD
added 2006/04/14 10:2 a.m.26 views

CVE-2006-1736

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes...

2.6CVSS6.1AI score0.02438EPSS
Exploits0References33
Mozilla
Mozilla
added 2006/04/13 12:0 a.m.38 views

Downloading executables with "Save Image As..." — Mozilla

By layering a transparent image link to an executable on top of a visible and presumably desirable image a malicious site might be able to convince some visitors to right-click and choose "Save image as..." from the context menu and fool them by giving them the executable instead. When the users...

2.6CVSS5.6AI score0.02438EPSS
Exploits0References1Affected Software3
securityvulns
securityvulns
added 2006/02/28 12:0 a.m.47 views

NuFW transparent firewall DoS

Service crash on packet parsing, hangs on TLS traffic flood...

3.3AI score
Exploits0References2Affected Software1
Prion
Prion
added 2006/02/04 2:2 a.m.26 views

Buffer overflow

Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTHALTERSESSION attribute in the authentication phase of t...

7.5CVSS7.4AI score0.0965EPSS
Exploits1References8Affected Software1
CERT
CERT
added 2006/01/19 12:0 a.m.34 views

Oracle Transparent Data Encryption master encryption key stored as plaintext

Overview Oracle Transparent Data Encryption master encryption key is stored as plaintext, which could allow an attacker to decrypt and read sensitive information within the database. Description Transparent Data Encryption TDE According to Oracle, Transparent Data Encryption "allows customers to...

10CVSS5.5AI score0.04863EPSS
Exploits0References3
NVD
NVD
added 2006/01/18 11:3 a.m.26 views

CVE-2006-0270

Unspecified vulnerability in the Transparent Data Encryption TDE Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without...

10CVSS5.8AI score0.04863EPSS
Exploits0References12
Rows per page
Query Builder