Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cache poisoning vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2006-2479
The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote malicious users to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicio...
Bitrix Bitrix Site Manager 4.0.4
Bitrix Bitrix Site Manager 4.0.5
Bitrix Bitrix Site Manager 4.0.6
Bitrix Bitrix Site Manager 4.0.7
Bitrix Bitrix Site Manager 4.0.2
Bitrix Bitrix Site Manager 4.0.3
Bitrix Bitrix Site Manager 4.0.0
Bitrix Bitrix Site Manager 4.0.8
Bitrix Bitrix Site Manager 4.1.0
7.5
CVSSv2
CVE-2008-3440
Sun Java 1.6.0_03 and previous versions versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache pois...
Sun Java 1.6.0
Sun Java
6.8
CVSSv2
CVE-2014-6106
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote malicious users to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via u...
Ibm Security Identity Manager 5.1.0
Ibm Security Identity Manager 5.1.0.3
Ibm Security Identity Manager 5.1.0.4
Ibm Security Identity Manager 5.1.0.5
Ibm Security Identity Manager 6.0.0.2
Ibm Security Identity Manager 6.0.0.3
Ibm Security Identity Manager 6.0.0.4
Ibm Security Identity Manager 5.1.0.7
Ibm Security Identity Manager 5.1.0.9
Ibm Security Identity Manager 5.1.0.14
Ibm Security Identity Manager 6.0.0.0
Ibm Security Identity Manager 5.1.0.10
Ibm Security Identity Manager 5.1.0.11
Ibm Security Identity Manager 5.1.0.12
Ibm Security Identity Manager 5.1.0.13
Ibm Security Identity Manager 7.0.0.0
Ibm Security Identity Manager 5.1.0.6
Ibm Security Identity Manager 5.1.0.8
Ibm Security Identity Manager 5.1.0.15
Ibm Security Identity Manager 6.0.0.1
5
CVSSv2
CVE-2016-3725
Jenkins prior to 2.3 and LTS prior to 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
Jenkins Jenkins
Redhat Openshift 3.1
Redhat Openshift 3.2
5.8
CVSSv2
CVE-2020-28473
The package bottle from 0 and prior to 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the pr...
Bottlepy Bottle
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2021-41267
Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning&...
Sensiolabs Symfony
4
CVSSv2
CVE-2018-8004
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later version...
Apache Traffic Server
Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2002-0676
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote malicious users to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Hor...
Apple Mac Os X 10.1.1
Apple Mac Os X 10.1.2
Apple Mac Os X 10.1.3
Apple Mac Os X 10.1.4
Apple Mac Os X 10.1
Apple Mac Os X 10.1.5
1 EDB exploit
5
CVSSv2
CVE-2021-41451
A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated malicious user to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning at...
Tp-link Archer Ax10 Firmware
NA
CVE-2024-29042
Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of ...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »