Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cache poisoning vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-3437
OpenOffice.org (OOo) prior to 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Openoffice Openoffice.org 2.0
Openoffice Openoffice.org 2.0.2
Openoffice Openoffice.org 2.0.3
Openoffice Openoffice.org 2.0.4
Openoffice Openoffice.org 1.1.5
7.5
CVSSv2
CVE-2008-3438
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Apple Mac Os X
7.5
CVSSv2
CVE-2008-3434
Apple iTunes prior to 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Apple Itunes 1.1.2
Apple Itunes 2.0
Apple Itunes 4.0
Apple Itunes 4.0.1
Apple Itunes 4.9
Apple Itunes 5.0
Apple Itunes 6.0.4.2
Apple Itunes
Apple Itunes 2.0.1
Apple Itunes 2.0.2
Apple Itunes 4.1
Apple Itunes 4.2
Apple Itunes 5.0.1
Apple Itunes 6.0
Apple Itunes 1.0
Apple Itunes 2.0.3
Apple Itunes 2.0.4
Apple Itunes 4.5
Apple Itunes 4.6
Apple Itunes 6.0.1
Apple Itunes 6.0.2
Apple Itunes 1.1
7.5
CVSSv2
CVE-2008-3441
Nullsoft Winamp prior to 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Nullsoft Winamp
NA
CVE-2024-21507
Versions of the package mysql2 prior to 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.
4.3
CVSSv2
CVE-2017-1773
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.
Ibm Datapower Gateway
7.5
CVSSv2
CVE-2008-3439
SpeedBit Video Acceleration prior to 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Speedbit Speedbit Video Accelerator
2.6
CVSSv2
CVE-2017-9071
In MODX Revolution prior to 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.
Modx Modx Revolution
7.5
CVSSv2
CVE-2008-3435
LinkedIn Browser Toolbar 3.0.3.1100 and previous versions does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Linkedin Browser Toolbar
7.5
CVSSv2
CVE-2008-3433
SpeedBit Download Accelerator Plus (DAP) prior to 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Speedbit Download Accelerator Plus 8.1
Speedbit Download Accelerator Plus
Speedbit Download Accelerator Plus 8.0
Speedbit Download Accelerator Plus 8.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »