Lucene search
K

2228 matches found

Tenable Nessus
Tenable Nessus
added 2010/05/13 12:0 a.m.26 views

Visitor Data Module for Joomla! X-Forwarded-For Header RCE

The version of the Visitor Data module for Joomla! running on the remote host is affected by a remote code execution vulnerability due to improper sanitization of user-supplied input to the X-Forwarded-For request header before passing it to the exec function. An unauthenticated, remote attacker...

6.9AI score
Exploits0References1
seebug.org
seebug.org
added 2010/05/12 12:0 a.m.24 views

Joomla Module Camp26 Visitor Data 1.1 Remote code Execution

No description provided by source. Joomla Module Camp26 Visitor Data 1.1 Remote code Execution ============================================================ - Discovered by : Chip D3 Bi0s - Email : [email protected] - Date : 2010-04-28 - Severity : 9/10 CVSS scored -----------------------------...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2010/04/22 12:0 a.m.42 views

IP address spoofing in e107

Vulnerability ID: HTB22343 Reference: http://www.htbridge.ch/advisory/ipaddressspoofingine107.html Product: e107 Website System Vendor: e107 Vulnerable Version: 0.7.19 and Probably Prior Versions Vendor Notification: 05 April 2010 Vulnerability Type: Application Logic Error Status: Not Fixed,...

1.7AI score
Exploits0
Packet Storm
Packet Storm
added 2010/04/21 12:0 a.m.25 views

e107 0.7.19 Source IP Address Spoof

Vulnerability ID: HTB22343 Reference: http://www.htbridge.ch/advisory/ipaddressspoofingine107.html Product: e107 Website System Vendor: e107 Vulnerable Version: 0.7.19 and Probably Prior Versions Vendor Notification: 05 April 2010 Vulnerability Type: Application Logic Error Status: Not Fixed,...

7.4AI score
Exploits0
myhack58
myhack58
added 2010/04/20 12:0 a.m.18 views

Simple forged X-Forwarded-For-bug warning-the black bar safety net

On the forged X-Forwarded-For purposes I will not say more. In the invasion of a PHP station, the GPC is ON, Character type injection all., while in PHP5, the GPC the default is open. But GPC for$SERVER without any effect, So you can fake the$SERVER to achieve the injection to the purpose. IP. in...

7.5AI score
Exploits0
OpenVAS
OpenVAS
added 2010/04/19 12:0 a.m.73 views

OpenSSH X Connections Session Hijacking Vulnerability

OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...

6.9CVSS6.3AI score0.00346EPSS
Exploits1References14
myhack58
myhack58
added 2010/04/14 12:0 a.m.24 views

Simple forged X-Forwarded-For-bug warning-the black bar safety net

On the forged X-Forwarded-For purposes I will not say more. In the invasion of a PHP station, the GPC is ON, Character type injection all., while in PHP5, the GPC the default is open. But GPC for$SERVER without any effect, So you can fake the$SERVER to achieve the injection to the purpose. IP. in...

7.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/01/07 12:0 a.m.26 views

Snitz Forums 2000 active.asp HTTP X-Forwarded-For Header SQL Injection

The version of Snitz Forums 2000 hosted on the remote host fails to sanitize input to the 'X-Forwarded-For' header in the 'active.asp' script when called with the 'AllRead' POST parameter set to 'Y' before using it to construct a database query. An unauthenticated, remote attacker can leverage th...

5.9AI score
Exploits0
NVD
NVD
added 2009/09/22 10:30 a.m.18 views

CVE-2009-3287

lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header...

7.5CVSS6.5AI score0.01382EPSS
Exploits0References3
Prion
Prion
added 2009/09/22 10:30 a.m.21 views

Design/Logic Flaw

lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header...

7.5CVSS7AI score0.01382EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2009/09/22 10:30 a.m.10 views

CVE-2009-3287

lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header...

6.3AI score
Exploits0References3
Debian CVE
Debian CVE
added 2009/09/22 10:0 a.m.28 views

CVE-2009-3287

lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header...

7.5CVSS6.2AI score0.01382EPSS
Exploits0
CVE
CVE
added 2009/09/22 10:0 a.m.91 views

CVE-2009-3287

CVE-2009-3287 affects Thin (lib/thin/connection.rb) prior to 1.2.4. The root cause is reliance on the X-Forwarded-For header to determine the client IP, allowing remote attackers to spoof the IP address and hide activities via a modified header. Impact is described as partial confidentiality, int...

7.5CVSS6.5AI score0.01382EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2009/09/22 10:0 a.m.25 views

CVE-2009-3287

lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header...

6.5AI score0.01382EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2009/05/30 12:0 a.m.28 views

Arab Portal 2.2 SQL Injection

Script Name : Arab portal 2.2 Remote Auth SQL Bypass Vulnerabilitiy Script home : http://www.arab-portal.info/arabportal22.zip Exploit risk level : High Found By : RoMaNcYxHaCkEr RXH Written By : Sniper Code S.C.T - 443 Our home : WwW.Sec-Code.CoM Security - Codes TeaM...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2009/05/29 12:0 a.m.22 views

Arab Portal 2.2 (Auth Bypass) Remote SQL Injection Vulnerability

No description provided by source. Script Name : Arab portal 2.2 Remote Auth SQL Bypass Vulnerabilitiy Script home : http://www.arab-portal.info/arabportal22.zip Exploit risk level : High Found By : RoMaNcYxHaCkEr RXH Written By : Sniper Code S.C.T - 443 Our home : WwW.Sec-Code.CoM Security - Cod...

7.1AI score
Exploits0
Prion
Prion
added 2009/04/08 10:30 a.m.19 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via 1 the close parameter to showThumb.aspx; 2 SBredirect and 3 SBfeedback parameters in processsend.asp, as reachable through default.asp; 4 paramCode and 5 cColor...

4.3CVSS6.1AI score0.01718EPSS
Exploits1References6Affected Software1
OpenVAS
OpenVAS
added 2009/03/23 12:0 a.m.22 views

Ubuntu: Security Advisory (USN-668-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.8AI score0.05865EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2009/02/06 12:0 a.m.20 views

Ilch CMS SQL Injection

Ilch CMS from http://ilch.de is vulnerable to sql-injection Prone to the vulnerabilty are the guestbook and the statistics. - Affected Versions: ilch 1.1L and below - Not vulnerable: ilch 1.1M - Exploit: Spoof your x-forwarded-for header to: 127.0.0.1', select pass from prefixuser WHERE id 0 ORDE...

0.4AI score
Exploits0
NVD
NVD
added 2008/11/18 11:30 a.m.15 views

CVE-2008-5132

SQL injection vulnerability in inc/ajax/ajaxrating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...

7.5CVSS8.4AI score0.02359EPSS
Exploits1References7
Rows per page
Query Builder