2228 matches found
Visitor Data Module for Joomla! X-Forwarded-For Header RCE
The version of the Visitor Data module for Joomla! running on the remote host is affected by a remote code execution vulnerability due to improper sanitization of user-supplied input to the X-Forwarded-For request header before passing it to the exec function. An unauthenticated, remote attacker...
Joomla Module Camp26 Visitor Data 1.1 Remote code Execution
No description provided by source. Joomla Module Camp26 Visitor Data 1.1 Remote code Execution ============================================================ - Discovered by : Chip D3 Bi0s - Email : [email protected] - Date : 2010-04-28 - Severity : 9/10 CVSS scored -----------------------------...
IP address spoofing in e107
Vulnerability ID: HTB22343 Reference: http://www.htbridge.ch/advisory/ipaddressspoofingine107.html Product: e107 Website System Vendor: e107 Vulnerable Version: 0.7.19 and Probably Prior Versions Vendor Notification: 05 April 2010 Vulnerability Type: Application Logic Error Status: Not Fixed,...
e107 0.7.19 Source IP Address Spoof
Vulnerability ID: HTB22343 Reference: http://www.htbridge.ch/advisory/ipaddressspoofingine107.html Product: e107 Website System Vendor: e107 Vulnerable Version: 0.7.19 and Probably Prior Versions Vendor Notification: 05 April 2010 Vulnerability Type: Application Logic Error Status: Not Fixed,...
Simple forged X-Forwarded-For-bug warning-the black bar safety net
On the forged X-Forwarded-For purposes I will not say more. In the invasion of a PHP station, the GPC is ON, Character type injection all., while in PHP5, the GPC the default is open. But GPC for$SERVER without any effect, So you can fake the$SERVER to achieve the injection to the purpose. IP. in...
OpenSSH X Connections Session Hijacking Vulnerability
OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...
Simple forged X-Forwarded-For-bug warning-the black bar safety net
On the forged X-Forwarded-For purposes I will not say more. In the invasion of a PHP station, the GPC is ON, Character type injection all., while in PHP5, the GPC the default is open. But GPC for$SERVER without any effect, So you can fake the$SERVER to achieve the injection to the purpose. IP. in...
Snitz Forums 2000 active.asp HTTP X-Forwarded-For Header SQL Injection
The version of Snitz Forums 2000 hosted on the remote host fails to sanitize input to the 'X-Forwarded-For' header in the 'active.asp' script when called with the 'AllRead' POST parameter set to 'Y' before using it to construct a database query. An unauthenticated, remote attacker can leverage th...
CVE-2009-3287
lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header...
Design/Logic Flaw
lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header...
CVE-2009-3287
lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header...
CVE-2009-3287
lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header...
CVE-2009-3287
CVE-2009-3287 affects Thin (lib/thin/connection.rb) prior to 1.2.4. The root cause is reliance on the X-Forwarded-For header to determine the client IP, allowing remote attackers to spoof the IP address and hide activities via a modified header. Impact is described as partial confidentiality, int...
CVE-2009-3287
lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header...
Arab Portal 2.2 SQL Injection
Script Name : Arab portal 2.2 Remote Auth SQL Bypass Vulnerabilitiy Script home : http://www.arab-portal.info/arabportal22.zip Exploit risk level : High Found By : RoMaNcYxHaCkEr RXH Written By : Sniper Code S.C.T - 443 Our home : WwW.Sec-Code.CoM Security - Codes TeaM...
Arab Portal 2.2 (Auth Bypass) Remote SQL Injection Vulnerability
No description provided by source. Script Name : Arab portal 2.2 Remote Auth SQL Bypass Vulnerabilitiy Script home : http://www.arab-portal.info/arabportal22.zip Exploit risk level : High Found By : RoMaNcYxHaCkEr RXH Written By : Sniper Code S.C.T - 443 Our home : WwW.Sec-Code.CoM Security - Cod...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via 1 the close parameter to showThumb.aspx; 2 SBredirect and 3 SBfeedback parameters in processsend.asp, as reachable through default.asp; 4 paramCode and 5 cColor...
Ubuntu: Security Advisory (USN-668-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ilch CMS SQL Injection
Ilch CMS from http://ilch.de is vulnerable to sql-injection Prone to the vulnerabilty are the guestbook and the statistics. - Affected Versions: ilch 1.1L and below - Not vulnerable: ilch 1.1M - Exploit: Spoof your x-forwarded-for header to: 127.0.0.1', select pass from prefixuser WHERE id 0 ORDE...
CVE-2008-5132
SQL injection vulnerability in inc/ajax/ajaxrating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...