Displaying vulnerability details 41 - 50 of 63778 in total

ViewState tampering Vulnerability

  • Severity: 7
  • Published: June 16, 2015

ASP.NET view state is the technique used by an ASP.NET Web page to persist changes to the state of a Web Form across postbacks. By default, view state data is stored on the page in a hidden field and is encoded using base64 encoding.

  1. View state data is not encrypted w...

Nginx NULL code Vulnerability

  • Severity: 10
  • Published: June 16, 2015

An attacker embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in many environments. The goal is for certain components of the target software to stop processing the input when it encounters the nul...

Unvalidated Redirect Vulnerability

  • Severity: 4
  • Published: June 16, 2015

Applications frequently redirect users to other pages, or use internal forwards in a similar manner. Sometimes the target page is specified in an unvalidated parameter, allowing attackers to choose the destination page.

HTTPS Downgrade Vulnerability

  • Severity: 4
  • Published: June 16, 2015

All pages which are available over TLS must not be available over a non-TLS connection. A user may inadvertently bookmark or manually type a URL to an HTTP page (e.g. http://site.com/myaccount) within the authenticated portion of the application. If this request is processed by the appli...

HTTP Response Splitting Vulnerability

  • Severity: 10
  • Published: June 16, 2015

HTTP Response Splitting is a new application attack technique which can be used to execute various new attacks such as web cache poisoning, cross-user defacement, hijacking pages with sensitive user information, and classic Cross-Site Scripting (XSS). These attack techniques...

Java Grinder Vulnerability

  • Severity: 4
  • Published: June 16, 2015

Java .jar and .class files contain "bytecode" that can be decompiled. This decompiled code produces the original source code of the applet or servlet. The ability to decompile Java bytecode and obtain original source code is due to Java's multi-platform capability.

...

Include directory (Directory) Vulnerability

  • Severity: 4
  • Published: June 16, 2015

An "include" directory was found within the web document root. These directories often contain files with common functions or code that is to be shared among several scripts. Files within these directories often contain sensitive information such as database connection credentials, database query ...

Clients Cross-Domain Policy Files Vulnerability

  • Severity: 4
  • Published: June 16, 2015

A cross-domain policy file specifies the permissions that a web client such as Java, Adobe Flash, Adobe Reader, etc. uses to access data across different domains. For Silverlight, Microsoft adopted a subset of Adobe's crossdomain.xml, and additionally created its own cr...