|
260351
|
- |
|
cisco
|
crs
customer_response_applications
ip_qm
unified_ccx
unified_ip_contact_center_express
unified_ip_ivr
|
Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows r…
|
CWE-79
Cross-site Scripting
|
CVE-2009-2048
|
2017-08-17 10:30 |
2009-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260352
|
- |
|
apple
|
safari
|
Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attack…
|
CWE-287
Improper Authentication
|
CVE-2009-2058
|
2017-08-17 10:30 |
2009-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260353
|
- |
|
google
|
chrome
|
src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a p…
|
CWE-287
Improper Authentication
|
CVE-2009-2060
|
2017-08-17 10:30 |
2009-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260354
|
- |
|
mozilla
|
firefox
|
Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's con…
|
CWE-310
Cryptographic Issues
|
CVE-2009-2061
|
2017-08-17 10:30 |
2009-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260355
|
- |
|
apple
|
safari
|
Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context…
|
CWE-287
Improper Authentication
|
CVE-2009-2062
|
2017-08-17 10:30 |
2009-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260356
|
- |
|
opera
|
opera_browser
|
Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's cont…
|
CWE-287
Improper Authentication
|
CVE-2009-2063
|
2017-08-17 10:30 |
2009-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260357
|
- |
|
mozilla
|
firefox
|
Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary we…
|
CWE-287
Improper Authentication
|
CVE-2009-2065
|
2017-08-17 10:30 |
2009-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260358
|
- |
|
apple
|
safari
|
Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by…
|
CWE-287
Improper Authentication
|
CVE-2009-2066
|
2017-08-17 10:30 |
2009-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260359
|
- |
|
opera
|
opera
|
Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, b…
|
CWE-287
Improper Authentication
|
CVE-2009-2068
|
2017-08-17 10:30 |
2009-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260360
|
- |
|
cisco
|
wrt160n
|
Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and firmware 1.02.2 allows remote attackers to hijack the authentication of other users for unspecified r…
|
CWE-352
Origin Validation Error
|
CVE-2009-2073
|
2017-08-17 10:30 |
2009-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
