1746 matches found
CVE-2007-1685
Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372...
CVE-2007-1685
CVE-2007-1685 describes a buffer overflow in k9filter.exe of BlueCoat K9 Web Protection 3.2.36 (and likely earlier versions before 3.2.44) that can be triggered by a long HTTP GET request to port 2372. The vulnerability may allow a remote attacker to cause a denial of service (crash) and potentia...
sparkassen-xss.txt
The "Sparkassen-Finanzgruppe" with a transaction volume of over 3.300 billion euro is one of the largest banks for private customers in Germany. Many local member-banks of the group use the online banking portal provided by sfze http://www.sfze.de/, a subsidiary company of Sparkassen-Finanzgruppe...
Memory corruption
Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."...
FreeBSD : zope -- XSS vulnerability (34414a1e-e377-11db-b8ab-000c76189c4c)
The Zope Team reports: A vulnerability has been discovered in Zope, whereby certain types of misuse of HTTP GET, an attacker could gain elevated privileges. All Zope versions up to and including 2.10.2 are affected...
Buffer overflow
Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112...
CVE-2007-1733
Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request...
CVE-2007-0240
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request...
CVE-2007-0240
The CVE-2007-0240 entry describes a cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier, exploitable via unspecified vectors in HTTP GET requests, allowing an attacker to inject arbitrary web script/HTML that runs in the victim’s browser. The OpenVAS/Debian/SUSE/Nessus advisories ...
Kronolith: Local file inclusion
Background: Kronolith is a web-based calendar which relies on the Horde Framework for integration with other applications. Description: Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. Impact: An authenticated...
Cisco Secure Access Control Server vulnerable to a stack-based buffer overflow via a specially crafted "HTTP GET" request
Overview: A vulnerability in the web administrative server supplied with Cisco Secure ACS products could allow a remote attacker to execute arbitrary code on an affected system. Description: Cisco Secure ACS is a Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Contro...
EUVD-2006-6838
AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information...
CVE-2006-6855
AIDeX Mini-WebServer 1.1 early release 3 is affected by a remote denial-of-service vulnerability: a flood of HTTP GET requests can crash the daemon, possibly tied to the GUI’s HTTP log data display. Root cause details are not provided, and no patch/mitigation is specified in the available documen...
CVE-2006-6855
AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information...
kronolith -- arbitrary local file inclusion vulnerability
iDefense Labs reports: Remote exploitation of a design error in Horde's Kronolith could allow an authenticated web mail user to execute arbitrary PHP code under the security context of the running web server. The vulnerability specifically exists due to a design error in the way it includes certa...
ELOG Web Logbook Remote Denial of Service Vulnerability
ELOG Web Logbook Remote Denial of Service Vulnerability OS2A ID: OS2A1008 Status: 10/31/2006 Issue Discovered 11/08/2006 Reported to the Vendor 11/08/2006 Fixed by Vendor 11/10/2006 Advisory Released Class: Denial of Service Severity: Medium Overview: --------- The Electronic Logbook ELOG is part...