Daniel King

CVE-2009-3566 EXPLOITDB text WORKING POC

Mcafee Intrushield Network Security Manager < 5.1.7.74 - XSS

McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.

View Code

CVE-2009-3565 EXPLOITDB text WORKING POC

Mcafee Intrushield Network Security Manager < 5.1.7.74 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.

View Code

EIP-2026-102505 EXPLOITDB text WORKING POC

McAfee Network Security Manager < 5.1.11.8.1 - Information Disclosure

View Code

CVE-2009-3565 EXPLOITDB text WORKING POC

Mcafee Intrushield Network Security Manager < 5.1.7.74 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.

View Code

CVE-2008-7257 EXPLOITDB text WRITEUP

Cisco ASA 5580 - CRLF Injection

CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163.

View Code