Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2009-2067 EPSS 0.00

Opera - XSS

Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

CWE-287 Jun 15, 2009

CVE-2009-2066 EPSS 0.00

Apple Safari - XSS

Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

CWE-287 Jun 15, 2009

CVE-2009-2065 EPSS 0.00

Mozilla Firefox 3.0.10 - XSS

Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

CWE-287 Jun 15, 2009

CVE-2009-2064 EPSS 0.15

Microsoft Internet Explorer 8 - XSS

Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

CWE-287 Jun 15, 2009

CVE-2009-2063 EPSS 0.00

Opera <9.25 - XSS

Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

CWE-287 Jun 15, 2009

CVE-2009-2062 EPSS 0.00

Apple Safari <3.2.2 - XSS

Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

CWE-287 Jun 15, 2009

CVE-2009-2060 EPSS 0.00

Google Chrome <1.0.154.53 - SSRF

src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

CWE-287 Jun 15, 2009

CVE-2009-2059 EPSS 0.00

Opera <9.25 - SSRF

Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

CWE-287 Jun 15, 2009

CVE-2009-2058 EPSS 0.00

Apple Safari <3.2.2 - SSRF

Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

CWE-287 Jun 15, 2009

CVE-2009-2057 EPSS 0.09

Microsoft Internet Explorer <8 - SSRF

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

CWE-287 Jun 15, 2009

CVE-2009-1836 EPSS 0.02

Mozilla Firefox < 3.0.10 - Authentication Bypass

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

CWE-287 Jun 12, 2009

CVE-2009-2040 1 PoC Analysis EPSS 0.03

Grestul 1.2 - Auth Bypass

admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request.

CWE-287 Jun 12, 2009

CVE-2009-1122 1 PoC Analysis EPSS 0.92

Microsoft Internet Information Services - Authentication Bypass

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.

CWE-287 Jun 10, 2009

CVE-2009-1535 4 PoCs Analysis EPSS 0.92

Microsoft Internet Information Services - Authentication Bypass

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.

CWE-287 Jun 10, 2009

CVE-2009-2003 2 PoCs Analysis EPSS 0.01

Ascad Networks Password Protector SD <1.3.1 - Auth Bypass

Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin."

CWE-287 Jun 08, 2009

CVE-2009-1905 EPSS 0.00

IBM DB2 <8.FP17, <9.1.FP7, <9.5.FP4 - Auth Bypass

The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.

CWE-287 Jun 03, 2009

CVE-2009-1854 1 PoC Analysis EPSS 0.01

Cmsnx Million Dollar Text Links - Authentication Bypass

Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1.

CWE-287 Jun 01, 2009

CVE-2009-1826 1 PoC Analysis EPSS 0.03

Collector Mygesuad - Authentication Bypass

modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.

CWE-287 May 29, 2009

CVE-2009-1825 1 PoC Analysis EPSS 0.04

Collector Mycolex - Authentication Bypass

modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.

CWE-287 May 29, 2009

CVE-2009-1384 EPSS 0.02

Eyrie Pam-krb5 - Authentication Bypass

pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

CWE-287 May 28, 2009

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps