39 matches found
WebGate eDVR Manager 2.6.4 - Connect Method Stack Buffer Overflow
var arg1="PraveenD"; var arg2=1; var arg3= ""; var arg4="PraveenD"; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i1664; i++ arg3 += "B"; var nseh = "\xeb\x10PD"; //WESPSerialPort.dll0x100104e7 = pop pop ret var seh = "\xe7\x04\x01\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...
(0Day) WebGate eDVR Manager WESPSerialPort.WESPSerialPortCtrl.1 Connect Method Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate eDVR Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
DISPUTED Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable...
CVE-2012-2213
Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and...
CVE-2012-2212
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable...
CVE-2012-2212
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable...
CVE-2012-2212
CVE-2012-2212 affects McAfee Web Gateway 7.0. The issue arises when the appliance bypasses the access configuration for the CONNECT method based on the Host header, allowing an arbitrary allowed hostname to bypass URL filtering. Public Red Hat/RedHat-like entries corroborate the behavior and note...
CVE-2012-2213
CVE-2012-2213 affects Squid 3.1.9. The issue allows remote attackers to bypass access control for the CONNECT method by supplying an arbitrary hostname in the Host HTTP header, enabling potential access to blocked sites via SSL. The core cause is host header-based ACL evaluation in the CONNECT ha...
PT-2012-3886 · Squid · Squid +1
Name of the Vulnerable Software and Affected Versions: Squid version 3.1.9 Description: The issue allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. Note that this issue might not be reproducible du...
PT-2012-3885 · Mcafee · Mcafee Web Gateway
Name of the Vulnerable Software and Affected Versions: McAfee Web Gateway version 7.0 Description: The issue allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. It is noted that this issue might not ...
CVE-2010-4230
Stack-based buffer overflow in a certain ActiveX control for the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to execute arbitrary code via a long string in the first argument to the connect method...
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service memory corruption or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different argument...
flash-plugin: multiple security flaws (APSB10-14)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service memory corruption or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different argument...
HTTP CONNECT Proxy Detection
The remote service supports the HTTP CONNECT method for tunneling connections through an HTTP connection. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid34473; scriptversion"1.10";...
Buffer overflow
Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 aka SQL Server 8.0 allows remote attackers to cause a denial of service browser crash or possibly execute arbitrary code via a long URL in the second argument to the Connect...
CVE-2007-1029
Stack-based buffer overflow in the Connect method in the IMAP4 component in Quiksoft EasyMail Objects before 6.5 allows remote attackers to execute arbitrary code via a long host name...
EasyMail ActiveX buffer overflow
Buffer overflow in IMAP4 object's Connect method...
Blue Coat ProxySG proxy server protection bypass
It's possible to bypass target port limitations with HTTP CONNECT method...
Multiple vendors' HTTP content/virus scanners do not check data tunneled via HTTP CONNECT method
Overview Multiple vendors' HTTP anti-virus and content filters do not inspect the contents of HTTP CONNECT method tunnels. As a result, viruses or other restricted HTTP content may not be blocked as specified by policy. Description Many anti-virus and content filter products that are designed to...