Vulmon
cache poisoning vulnerabilities and exploits
668
VMScore
CVE-2008-3440
Sun Java 1.6.0_03 and previous versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache pois...
Sun Java 1.6.0
Sun Java
445
VMScore
CVE-2016-3725
Jenkins prior to 2.3 and LTS prior to 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
Jenkins Jenkins
Redhat Openshift 3.1
Redhat Openshift 3.2
445
VMScore
CVE-2006-2479
The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote malicious users to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicio...
Bitrix Bitrix Site Manager 4.0.4
Bitrix Bitrix Site Manager 4.0.5
Bitrix Bitrix Site Manager 4.0.6
Bitrix Bitrix Site Manager 4.0.7
Bitrix Bitrix Site Manager 4.0.2
Bitrix Bitrix Site Manager 4.0.3
Bitrix Bitrix Site Manager 4.0.0
Bitrix Bitrix Site Manager 4.0.8
Bitrix Bitrix Site Manager 4.1.0
383
VMScore
CVE-2011-0163
WebKit, as used in Apple Safari prior to 5.0.4 and iOS prior to 4.3, does not properly handle unspecified "cached resources," which allows remote malicious users to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisonin...
Apple Safari 2.0.1
Apple Safari 2.0.3
Apple Safari 1.3.1
Apple Safari 1.2.2
Apple Safari 1.2
Apple Safari 1.0
Apple Safari 1.0.0b1
Apple Safari 1.0.0b2
Apple Safari 3.0
Apple Safari 3.0.0
Apple Safari 3.0.3
Apple Safari 3.0.3b
Apple Safari 3.1.2
Apple Safari 3.2.0
Apple Safari 3.2.2
Apple Safari 4.1
Apple Safari 4.1.1
Apple Safari 1.3.2
Apple Safari 1.3.0
Apple Safari 1.2.0
Apple Safari 1.0.3
Apple Safari 1.0.2
516
VMScore
CVE-2020-28473
The package bottle from 0 and prior to 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the pr...
Bottlepy Bottle
Debian Debian Linux 9.0
357
VMScore
CVE-2018-8004
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later version...
Apache Traffic Server
Debian Debian Linux 9.0
383
VMScore
CVE-2021-41267
Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning"...
Sensiolabs Symfony
445
VMScore
CVE-2021-41451
A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated malicious user to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning at...
Tp-link Archer Ax10 Firmware
755
VMScore
CVE-2002-0676
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote malicious users to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Hor...
Apple Mac Os X 10.1.1
Apple Mac Os X 10.1.2
Apple Mac Os X 10.1.3
Apple Mac Os X 10.1.4
Apple Mac Os X 10.1
Apple Mac Os X 10.1.5
1 EDB exploit
NA
CVE-2024-29042
Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of ...