Vulmon
an-http vulnerabilities and exploits
4.3
CVSSv2
CVE-2017-14037
CrushFTP prior to 7.8.0 and 8.x prior to 8.2.0 has an HTTP header vulnerability.
Crushftp Crushftp
Crushftp Crushftp 8.0.3
Crushftp Crushftp 8.0.4
Crushftp Crushftp 8.1.0
Crushftp Crushftp 8.0.2
5
CVSSv2
CVE-2020-15576
SolarWinds Serv-U File Server prior to 15.2.1 allows information disclosure via an HTTP response.
Solarwinds Serv-u
6.8
CVSSv2
CVE-2009-2066
Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a s...
Apple Safari 1.0.0b2
Apple Safari 1.0.1
Apple Safari 1.1.0
Apple Safari 1.1
Apple Safari 1.2.5
Apple Safari 1.3
Apple Safari 2.0
Apple Safari 2.0.0
Apple Safari 2.0.3
Apple Safari 1.0.0
Apple Safari 1.0.0b1
Apple Safari 1.0
Apple Safari 1.2.3
Apple Safari 1.2.4
Apple Safari 0.9
Apple Safari 1.0.3
Apple Safari 1.2.0
Apple Safari 1.2.1
Apple Safari 1.2.2
Apple Safari 1.3.2
Apple Safari 3
Apple Safari 3.0
6.8
CVSSv2
CVE-2009-2067
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script f...
Opera Opera Browser 9.10
Opera Opera Browser 7.23
Opera Opera Browser 8.0
Opera Opera Browser 9.01
Opera Opera Browser 9.0
Opera Opera Browser 7.53
Opera Opera Browser 8.51
Opera Opera Browser 8.53
Opera Opera Browser 9.20
Opera Opera Browser 9.12
Opera Opera Browser 9.02
Opera Opera Browser 9.21
Opera Opera Browser 8.54
Opera Opera Browser 8.01
Opera Opera Browser 7.60
Opera Opera Browser 8.52
Opera Opera Browser 7.54
Opera Opera Browser 7.0
Opera Opera Browser 8.02
Opera Opera Browser 8.50
Opera Opera Browser
5.8
CVSSv2
CVE-2009-2068
Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a ...
Opera Opera 5.0
Opera Opera 5.02
Opera Opera 5.1
Opera Opera 5.5
Opera Opera 5.6
Opera Opera 6.01
Opera Opera 6.02
Opera Opera 6.12
Opera Opera 6
Opera Opera 7.03
Opera Opera 7.10
Opera Opera 7.50
Opera Opera 8.0
Opera Opera 8.54
Opera Opera 9.0
Opera Opera 5.12
Opera Opera 5.2
Opera Opera 5.9
Opera Opera 6.0
Opera Opera 6.05
Opera Opera 6.06
Opera Opera 7.0
2.9
CVSSv2
CVE-2015-4640
The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle malicious users to write to language-pack files by modifying an HTTP response. NOTE: CV...
Swiftkey Swiftkey Sdk
5
CVSSv2
CVE-2003-1152
WebTide 7.04 allows remote malicious users to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?").
Infrontech Webtide 7.0.4
6.8
CVSSv2
CVE-2009-2065
Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle malicious users to execute arbitrary web script, in an https site's context, by modifying an http page to inc...
Mozilla Firefox 0.1
Mozilla Firefox 0.6
Mozilla Firefox 0.6.1
Mozilla Firefox 0.9.3
Mozilla Firefox 0.9
Mozilla Firefox 1.0.6
Mozilla Firefox 1.0.7
Mozilla Firefox 1.5.0.11
Mozilla Firefox 1.5.0.12
Mozilla Firefox 1.5.0.8
Mozilla Firefox 1.5.0.9
Mozilla Firefox 1.5.1
Mozilla Firefox 1.5
Mozilla Firefox 2.0.0.16
Mozilla Firefox 2.0.0.17
Mozilla Firefox 2.0.0.7
Mozilla Firefox 2.0.0.9
Mozilla Firefox 2.0.0.8
Mozilla Firefox 2.0 .6
Mozilla Firefox 2.0 .9
Mozilla Firefox 3.0.5
Mozilla Firefox 3.0.6
NA
CVE-2021-33621
The cgi gem prior to 0.1.0.2, 0.2.x prior to 0.2.2, and 0.3.x prior to 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
Ruby-lang Cgi
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Ruby-lang Ruby
NA
CVE-2009-13573
Core Security Technologies Advisory - An HTTP Response Splitting vulnerability has been discovered in Sun Java System Delegated Administrator.