Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site’s context, by modifying this CONNECT response...
Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site’s context, by modifying this CONNECT response...
src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows...
Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers...
Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers...
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle...
Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element....
nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to interaction with TinyMCE. Date published : 2009-06-12 http://www.securityfocus.com/bid/35413...
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and...
Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab 0.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1772. Date published : 2009-06-12 http://jvn.jp/en/jp/JVN55752635/index.html http://osvdb.org/55099
admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request. Date published : 2009-06-12 https://www.exploit-db.com/exploits/8902 http://secunia.com/advisories/35367
Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and attack vectors related to orders. Date published : 2009-06-12 http://www.securityfocus.com/bid/35191 http://addons.oscommerce.com/info/3698
Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to bank charges. Date published : 2009-06-12 http://addons.oscommerce.com/info/5485 http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html
Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot)...