Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
an-http vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-14037
CrushFTP prior to 7.8.0 and 8.x prior to 8.2.0 has an HTTP header vulnerability.
Crushftp Crushftp
Crushftp Crushftp 8.0.3
Crushftp Crushftp 8.0.4
Crushftp Crushftp 8.1.0
Crushftp Crushftp 8.0.2
6.8
CVSSv2
CVE-2009-2067
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script f...
Opera Opera Browser 9.10
Opera Opera Browser 7.23
Opera Opera Browser 8.0
Opera Opera Browser 9.01
Opera Opera Browser 9.0
Opera Opera Browser 7.53
Opera Opera Browser 8.51
Opera Opera Browser 8.53
Opera Opera Browser 9.20
Opera Opera Browser 9.12
Opera Opera Browser 9.02
Opera Opera Browser 9.21
Opera Opera Browser 8.54
Opera Opera Browser 8.01
Opera Opera Browser 7.60
Opera Opera Browser 8.52
Opera Opera Browser 7.54
Opera Opera Browser 7.0
Opera Opera Browser 8.02
Opera Opera Browser 8.50
Opera Opera Browser
6.8
CVSSv2
CVE-2009-2066
Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a s...
Apple Safari 1.0.0b2
Apple Safari 1.0.1
Apple Safari 1.1.0
Apple Safari 1.1
Apple Safari 1.2.5
Apple Safari 1.3
Apple Safari 2.0
Apple Safari 2.0.0
Apple Safari 2.0.3
Apple Safari 1.0.0
Apple Safari 1.0.0b1
Apple Safari 1.0
Apple Safari 1.2.3
Apple Safari 1.2.4
Apple Safari 0.9
Apple Safari 1.0.3
Apple Safari 1.2.0
Apple Safari 1.2.1
Apple Safari 1.2.2
Apple Safari 1.3.2
Apple Safari 3
Apple Safari 3.0
5.8
CVSSv2
CVE-2009-2068
Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a ...
Opera Opera 5.0
Opera Opera 5.02
Opera Opera 5.1
Opera Opera 5.5
Opera Opera 5.6
Opera Opera 6.01
Opera Opera 6.02
Opera Opera 6.12
Opera Opera 6
Opera Opera 7.03
Opera Opera 7.10
Opera Opera 7.50
Opera Opera 8.0
Opera Opera 8.54
Opera Opera 9.0
Opera Opera 5.12
Opera Opera 5.2
Opera Opera 5.9
Opera Opera 6.0
Opera Opera 6.05
Opera Opera 6.06
Opera Opera 7.0
2.9
CVSSv2
CVE-2015-4640
The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle malicious users to write to language-pack files by modifying an HTTP response. NOTE: CV...
Swiftkey Swiftkey Sdk
5
CVSSv2
CVE-2020-15576
SolarWinds Serv-U File Server prior to 15.2.1 allows information disclosure via an HTTP response.
Solarwinds Serv-u
6.8
CVSSv2
CVE-2009-2065
Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page to inc...
Mozilla Firefox 0.1
Mozilla Firefox 0.6
Mozilla Firefox 0.6.1
Mozilla Firefox 0.9.3
Mozilla Firefox 0.9
Mozilla Firefox 1.0.6
Mozilla Firefox 1.0.7
Mozilla Firefox 1.5.0.11
Mozilla Firefox 1.5.0.12
Mozilla Firefox 1.5.0.8
Mozilla Firefox 1.5.0.9
Mozilla Firefox 1.5.1
Mozilla Firefox 1.5
Mozilla Firefox 2.0.0.16
Mozilla Firefox 2.0.0.17
Mozilla Firefox 2.0.0.7
Mozilla Firefox 2.0.0.9
Mozilla Firefox 2.0.0.8
Mozilla Firefox 2.0 .6
Mozilla Firefox 2.0 .9
Mozilla Firefox 3.0.5
Mozilla Firefox 3.0.6
5
CVSSv2
CVE-2003-1152
WebTide 7.04 allows remote malicious users to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?").
Infrontech Webtide 7.0.4
NA
CVE-2021-33621
The cgi gem prior to 0.1.0.2, 0.2.x prior to 0.2.2, and 0.3.x prior to 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
Ruby-lang Cgi
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Ruby-lang Ruby
6.8
CVSSv2
CVE-2009-2064
Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page...
Microsoft Internet Explorer 6
Microsoft Pocket Ie 1.1
Microsoft Pocket Ie 2.0
Microsoft Internet Explorer 8
Microsoft Internet Explorer 8.0b
Microsoft Pocket Ie 3.0
Microsoft Pocket Ie 4.0
Microsoft Internet Explorer 5
Microsoft Internet Explorer 5.01
Microsoft Pocket Ie 1.0
Microsoft Internet Explorer
Microsoft Internet Explorer 7
Microsoft Internet Explorer 7.0.5730
Microsoft Pocket Ie 2002
Microsoft Pocket Ie 2003
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »