Lucene search
K

39 matches found

Exploit DB
Exploit DB
added 2015/04/02 12:0 a.m.37 views

WebGate eDVR Manager 2.6.4 - Connect Method Stack Buffer Overflow

var arg1="PraveenD"; var arg2=1; var arg3= ""; var arg4="PraveenD"; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i1664; i++ arg3 += "B"; var nseh = "\xeb\x10PD"; //WESPSerialPort.dll0x100104e7 = pop pop ret var seh = "\xe7\x04\x01\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...

7.4AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2015/02/27 12:0 a.m.24 views

(0Day) WebGate eDVR Manager WESPSerialPort.WESPSerialPortCtrl.1 Connect Method Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate eDVR Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.5CVSS8.7AI score0.2414EPSS
Exploits4References2
Prion
Prion
added 2012/04/28 10:6 a.m.16 views

Design/Logic Flaw

DISPUTED Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable...

5CVSS7.4AI score0.12314EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2012/04/28 10:6 a.m.47 views

CVE-2012-2213

Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and...

5CVSS6AI score0.12314EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2012/04/28 10:0 a.m.18 views

CVE-2012-2212

McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable...

7.4AI score0.01445EPSS
Exploits0References3
Cvelist
Cvelist
added 2012/04/28 10:0 a.m.33 views

CVE-2012-2212

McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable...

6.8AI score0.01445EPSS
Exploits0References3
CVE
CVE
added 2012/04/28 10:0 a.m.95 views

CVE-2012-2212

CVE-2012-2212 affects McAfee Web Gateway 7.0. The issue arises when the appliance bypasses the access configuration for the CONNECT method based on the Host header, allowing an arbitrary allowed hostname to bypass URL filtering. Public Red Hat/RedHat-like entries corroborate the behavior and note...

5CVSS7AI score0.01445EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2012/04/28 10:0 a.m.59 views

CVE-2012-2213

CVE-2012-2213 affects Squid 3.1.9. The issue allows remote attackers to bypass access control for the CONNECT method by supplying an arbitrary hostname in the Host HTTP header, enabling potential access to blocked sites via SSL. The core cause is host header-based ACL evaluation in the CONNECT ha...

5CVSS6.9AI score0.12314EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2012/04/28 12:0 a.m.5 views

PT-2012-3886 · Squid · Squid +1

Name of the Vulnerable Software and Affected Versions: Squid version 3.1.9 Description: The issue allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. Note that this issue might not be reproducible du...

5CVSS7.5AI score0.12314EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2012/04/28 12:0 a.m.7 views

PT-2012-3885 · Mcafee · Mcafee Web Gateway

Name of the Vulnerable Software and Affected Versions: McAfee Web Gateway version 7.0 Description: The issue allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. It is noted that this issue might not ...

5CVSS7.2AI score0.01445EPSS
Exploits0References6
Cvelist
Cvelist
added 2010/11/16 11:0 p.m.18 views

CVE-2010-4230

Stack-based buffer overflow in a certain ActiveX control for the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to execute arbitrary code via a long string in the first argument to the connect method...

8.1AI score0.05661EPSS
Exploits5References3
RedHat Linux
RedHat Linux
added 2010/06/14 10:28 p.m.5 views

flash-plugin: multiple security flaws (APSB10-14)

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service memory corruption or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different argument...

9.3CVSS6.2AI score0.06751EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2010/06/11 4:32 p.m.5 views

flash-plugin: multiple security flaws (APSB10-14)

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service memory corruption or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different argument...

9.3CVSS6.2AI score0.06751EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2008/10/22 12:0 a.m.29 views

HTTP CONNECT Proxy Detection

The remote service supports the HTTP CONNECT method for tunneling connections through an HTTP connection. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid34473; scriptversion"1.10";...

5.5AI score
Exploits0
Prion
Prion
added 2008/09/16 10:0 p.m.22 views

Buffer overflow

Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 aka SQL Server 8.0 allows remote attackers to cause a denial of service browser crash or possibly execute arbitrary code via a long URL in the second argument to the Connect...

7.6CVSS8.8AI score0.18415EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2007/02/21 11:28 a.m.18 views

CVE-2007-1029

Stack-based buffer overflow in the Connect method in the IMAP4 component in Quiksoft EasyMail Objects before 6.5 allows remote attackers to execute arbitrary code via a long host name...

7.6CVSS7.9AI score0.07442EPSS
Exploits0References8
securityvulns
securityvulns
added 2007/02/16 12:0 a.m.43 views

EasyMail ActiveX buffer overflow

Buffer overflow in IMAP4 object's Connect method...

7.6CVSS3.6AI score0.07442EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2006/02/01 12:0 a.m.53 views

Blue Coat ProxySG proxy server protection bypass

It's possible to bypass target port limitations with HTTP CONNECT method...

0.7AI score
Exploits0References1Affected Software1
CERT
CERT
added 2002/10/15 12:0 a.m.19 views

Multiple vendors' HTTP content/virus scanners do not check data tunneled via HTTP CONNECT method

Overview Multiple vendors' HTTP anti-virus and content filters do not inspect the contents of HTTP CONNECT method tunnels. As a result, viruses or other restricted HTTP content may not be blocked as specified by policy. Description Many anti-virus and content filter products that are designed to...

7AI score
Exploits0References3
Rows per page
Query Builder