903 matches found
CVE-2006-4450
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request...
NewsLetter <= 3.5 (NL_PATH) Remote File Inclusion Vulnerability
No description provided by source. NewsLetter v3.5 NL_PATH Remote File Inclusion Exploit. Critical Level: Dangerous. Vendor site: http://knusperleicht.at/ ...
CVE-2006-3534
The SHOUTcast DSP server is affected by two CVEs: CVE-2006-3534 (pre-1.9.6) and CVE-2006-3535 (pre-1.9.7). The underlying issue is a directory traversal filter bug that decodes input after treating encoded sequences, enabling remote attackers to read arbitrary files via encoded dot-dot (%2E%2E) i...
Directory traversal
Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225...
CVE-2006-1159
Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request...
Format string
Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request...
CVE-2004-2614
CVE-2004-2614 describes a buffer overflow in MyWeb 3.3 exploitable by a long HTTP GET request. Consequence: remote denial of service and potential arbitrary code execution. Affected software: MyWeb 3.3. Root cause: buffer overflow. Exploitation details, affected versions beyond 3.3, and remediati...
CVE-2004-2614
Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request...
Goollery < 0.04b Multiple XSS Vulnerabilities - Active Check
Goollery is prone to multiple cross-site scripting (XSS) vulnerabilities, e.g. through the ... SPDX-FileCopyrightText: 2004 David Maciejak. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
eXtropia Web Store Remote File Retrieval Vulnerability - Active Check
eXtropia ... SPDX-FileCopyrightText: 2000 Thomas Reinke. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.10532");...
TinyWeb < 1.93 Multiple Vulnerabilities
TinyWeb is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2003 Matt North. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.11894...
CVE-2005-3033
Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request...
CVE-2004-2416
CVE-2004-2416 is a buffer overflow in CCProxy’s Telnet proxy ping command for CCProxy v6.2 and earlier. The stack can be overwritten by sending an overly long address to the ping (p) command, allowing remote code execution on vulnerable Windows systems. Public proof‑of‑concepts and exploits exist...
CVE-2004-2416
Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request...
CVE-2005-2420
CVE-2005-2420 affects FtpLocate 2.02 (flsearch.pl) and allows remote command execution by injecting shell metacharacters through HTTP GET. Connected Nessus plugin NASL confirms a remote file inclusion style input manipulation via the fsite parameter, enabling arbitrary command execution on the af...
CVE-2005-2420
flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP GET request...
CVE-2004-2271
CVE-2004-2271 affects MiniShare webserver versions 1.4.1 and earlier. The vulnerability is a remote buffer overflow in the HTTP request handling, originally demonstrated via a long GET request, which can be exploited to execute arbitrary code. Connected exploits and payloads show that not only GE...
CVE-2004-2271
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request...
Oracle Reports Server 6.0.8/9.0.x - Unauthorized Report Execution
source: https://www.securityfocus.com/bid/14316/info Oracle Reports Server is susceptible to an unauthorized report execution vulnerability. By placing a report file in a globally accessible location, users can trigger the execution of the report by issuing an HTTP GET request to the affected...