Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cache poisoning vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2020-29022
Failure to Sanitize host header value on output in the GateManager Web server could allow an malicious user to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions before 9.3
Secomea Gatemanager 4250 Firmware
Secomea Gatemanager 4260 Firmware
Secomea Gatemanager 9250 Firmware
Secomea Gatemanager 8250 Firmware
NA
CVE-2008-3442
WinZip prior to 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Winzip Winzip 10.0
Winzip Winzip 8.0
Winzip Winzip 8.1
Winzip Winzip 9.0
Winzip Winzip 7.0
NA
CVE-2024-21507
Versions of the package mysql2 prior to 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.
NA
CVE-2008-3441
Nullsoft Winamp prior to 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Nullsoft Winamp
NA
CVE-2008-3434
Apple iTunes prior to 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Apple Itunes 1.1.2
Apple Itunes 2.0
Apple Itunes 4.0
Apple Itunes 4.0.1
Apple Itunes 4.9
Apple Itunes 5.0
Apple Itunes 6.0.4.2
Apple Itunes
Apple Itunes 2.0.1
Apple Itunes 2.0.2
Apple Itunes 4.1
Apple Itunes 4.2
Apple Itunes 5.0.1
Apple Itunes 6.0
Apple Itunes 1.0
Apple Itunes 2.0.3
Apple Itunes 2.0.4
Apple Itunes 4.5
Apple Itunes 4.6
Apple Itunes 6.0.1
Apple Itunes 6.0.2
Apple Itunes 1.1
NA
CVE-2008-3437
OpenOffice.org (OOo) prior to 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Openoffice Openoffice.org 2.0
Openoffice Openoffice.org 2.0.2
Openoffice Openoffice.org 2.0.3
Openoffice Openoffice.org 2.0.4
Openoffice Openoffice.org 1.1.5
8.1
CVSSv3
CVE-2008-3438
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Apple Mac Os X
4
CVSSv3
CVE-2017-1773
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.
Ibm Datapower Gateway
NA
CVE-2008-3439
SpeedBit Video Acceleration prior to 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Speedbit Speedbit Video Accelerator
4.7
CVSSv3
CVE-2017-9071
In MODX Revolution prior to 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.
Modx Modx Revolution
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »