1746 matches found
CVE-2008-4165
The CVE-2008-4165 entry concerns Kolab Groupware Server 1.0.0. The vulnerable component is admin/user/create_user.php, which places a user password in an HTTP GET request. This allows local administrators and possibly remote attackers to obtain cleartext passwords by inspecting the ssl_access_log...
CVE-2008-4165
admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string...
FreeBSD Ports: apache
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Immunity Canvas: BIGANT22
Name | bigant22
---|---
CVE | CVE-2008-1914
Exploit Pack | CANVAS
Description | Big Ant Messaging Server 2.2 - HTTP GET Stack Overflow
Notes | CVE Name: CVE-2008-1914 VENDOR: BigAnt Repeatability: One shot Note: References: http://osvdb.org/show/osvdb/44454 CVE Url: https://vulners.com/cve/CVE-2008-19...
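BigAnt IM Server HTTP GET Request Remote Stack Overflow Vulnerability
BUGTRAQ ID: 28795 BigAnt Messenger is an extensible enterprise instant messaging platform. A stack overflow vulnerability exists in the AntServer module (AntServer.exe) of BigAnt Messenger. Sending an overlong HTTP GET request to the service's default port 6080/TCP triggers the overflow and leads to execution of arbitrary instructions. 华途软件 BigAnt Messenger 2.2 华途软件 -------- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.bigant.cn/...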
myphp-sql.txt
Name : MyPHP Forum So we can execute an sql injection through the bugged variable $id. PoC: http://Site/faq.php?action=view&id=-1'+union+select+1,concatusername,0x3a,password,3+from+tableprefixmember+where+uid=1/ Sql injection in member.php So $member variable isn't controlled so we can exploit i...
3proxy 0.5.3g logurl() Remote Buffer Overflow Exploit (win32) (pl)
No description provided by source. #!/usr/bin/perl This module exploits a stack overflow in 3Proxy prior to 0.5.3h, and 0.6b-devel before 20070413. By sending a long host header in HTTP GET request to the default port of 3128, a remote attacker could overflow a buffer and execute arbitrary code...
3proxy 0.5.3g (Windows x86) - logurl() Remote Buffer Overflow (Perl)
3proxy 0.5.3g (Windows x86) - logurl() Remote Buffer Overflow (Perl) #!/usr/bin/perl This module exploits a stack overflow in 3Proxy prior to 0.5.3h, and 0.6b-devel before 20070413. By sending a long host header in HTTP GET request to the default port of 3128, a remote attacker could overflow a buffer a...
CVE-2007-6316
Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page...
CVE-2007-6316
Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page...
2007-06 Sentinel Protection Server Directory Traversal
Title
-----
Sentinel Protection Server Directory Traversal

Severity
--------
High

Date Discovered
---------------
October 10th, 2007

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey Lebleu

Vulnerability Description
-------------------------
A classic...
CVE-2003-1510
TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory...
CVE-2002-2240
Directory traversal vulnerability in MyServer 0.11 and 0.2 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP GET request...
CVE-2004-2727
Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 through 1.7 allows remote attackers to cause a denial of service (application crash) via a long HTTP GET request...
CVE-2003-1337
Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request...
gcaldaemon-dos.txt
Secure Network - Security Research Advisory
Vuln name: GCALDaemon Remote DoS
Systems affected: GCALDaemon 1.0-beta13 all platforms
Systems not affected: -
Severity: Low
Local/Remote: Remote
Vendor URL: http://gcaldaemon.sourceforge.net/
Authors: Luca "ikki" Carettoni -...
Planet VC-200M DSL router DoS
The administration interface becomes inaccessible after an HTTP GET request with a missing Host: header...
CVE-2007-4063
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API...
Buffer overflow
Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372...