
5900 matches found

securityvulns
added 2007/01/05 12:0 a.m., 52 views

[SA23537] SPINE Cross-Site Request Forgery Vulnerability

TITLE: SPINE Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA23537 VERIFY ADVISORY: http://secunia.com/advisories/23537/ CRITICAL: Less critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: SPINE 1.x http://secunia.com/product/13145/ DESCRIPTION:...

0.8 AI score
Exploits: 0

Gentoo Linux
added 2006/12/12 12:0 a.m., 27 views

Trac: Cross-site request forgery

Background Trac is a wiki and issue tracking system for software development projects. Description Trac allows users to perform certain tasks via HTTP requests without performing correct validation on those requests. Impact An attacker could entice an authenticated user to browse to a specially...

7.5 CVSS, 6.6 AI score, 0.01821 EPSS
Exploits: 0

UbuntuCve
added 2006/12/06 7:28 p.m., 17 views

CVE-2006-6303

The readmultipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467...

5 CVSS, 5.9 AI score, 0.04215 EPSS
Exploits: 1, References: 2

NVD
added 2006/12/06 7:28 p.m., 24 views

CVE-2006-6303

The readmultipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467...

5 CVSS, 6.2 AI score, 0.04215 EPSS
Exploits: 1, References: 24

Cvelist
added 2006/12/06 7:0 p.m., 29 views

CVE-2006-6303

The readmultipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467...

7.3 AI score, 0.04215 EPSS
Exploits: 1, References: 24

CERT
added 2006/11/21 12:0 a.m., 22 views

NaviCOPA Web Server fails to properly handle certain HTTP requests

Overview A vulnerability exists in the NaviCOPA Web Server. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code. Description NaviCOPA Web Server is an HTTP server that is available for multiple versions of Microsoft Windows including Windows 98, NT, 2000,...

7.5 CVSS, 7 AI score, 0.82279 EPSS
Exploits: 4, References: 6

Tenable Nessus
added 2006/11/20 12:0 a.m., 21 views

GLSA-200611-04 : Bugzilla: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200611-04 Bugzilla: Multiple Vulnerabilities The vulnerabilities identified in Bugzilla are as follows: Frederic Buclin and Gervase Markham discovered that input passed to various fields throughout Bugzilla were not properly...

5 CVSS, 5.7 AI score, 0.01993 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2006/10/14 12:0 a.m., 23 views

Debian DSA-901-1 : gnump3d - programming error

Several vulnerabilities have been discovered in gnump3d, a streaming server for MP3 and OGG files. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2005-3349 Ludwig Nussel discovered several temporary files that are created with predictable filenames in a...

6.4 CVSS, 5.4 AI score, 0.00678 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2006/09/14 12:0 a.m., 10 views

Moodle < 1.6.2 Multiple Vulnerabilities

Binary data 3742.prm...

7.5 CVSS, 7.3 AI score, 0.01853 EPSS
Exploits: 0, References: 4

securityvulns
added 2006/08/17 12:0 a.m., 38 views

Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)"

Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0) Amit Klein, August 2006 The trick ========= In [1], I showed how to forge parts of HTTP requests containing CRs and LFs using Flash. In that write-up, the data was part of the HTTP body section. However, combining the Content-Length overriding...

0.3 AI score
Exploits: 0

NVD
added 2006/08/14 11:4 p.m., 13 views

CVE-2006-4134

Unspecified vulnerability related to a "design flaw" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. NOTE: This information is based upon a vague initial disclosure. Details...

5 CVSS, 6.3 AI score, 0.01928 EPSS
Exploits: 0, References: 9

CVE
added 2006/08/14 11:0 p.m., 49 views

CVE-2006-4134

SAP Internet Graphics Service (IGS) affects 6.40 and earlier, and 7.00 and earlier. CVE-2006-4134 describes an unspecified design-flaw that enables remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. Related entries (CVE-2006-6345 and CVE-2006-6346) describ...

5 CVSS, 6.4 AI score, 0.01928 EPSS
Exploits: 0, References: 9, Affected Software: 1

securityvulns
added 2006/08/11 12:0 a.m., 34 views

Multiple SAP Internet Graphics Service security vulnerabilities

Buffer overflow and DoS conditions on HTTP requests parsing...

2.1 AI score
Exploits: 0, References: 2, Affected Software: 1

seebug.org
added 2006/06/13 12:0 a.m., 22 views

MyBulletinBoard (MyBB) < 1.1.3 Remote Code Execution Exploit

No description provided by source. !/usr/bin/perl Tue Jun 13 12:37:12 CEST 2006 [email protected] Exploit HOWTO - read this before flood my Inbox you bitch! - First you need to create the special user to do this use: ./mybibi.pl --host=http://www.example.com --dir=/mybb -1 this step needs a graph...

7.1 AI score
Exploits: 0

seebug.org
added 2006/06/08 12:0 a.m., 16 views

D-Link Access-Point <= 2.10na (DWL Series) Config Disclosure Vuln

No description provided by source. ADVISORY/0206 - D-Link Wireless Access-Point DWL-2100ap INTRUDERS TIGER TEAM SECURITY - SECURITY ADVISORY http://www.intruders.com.br/ , http://www.intruders.org.br/ Making an HTTP request to the /cgi-bin/ directory, the Web server will return error 404 Page not...

7.1 AI score
Exploits: 0

Check Point Advisories
added 2006/06/06 12:0 a.m., 0 views

Update Protection against Apache Header Injection Vulnerability

A flaw has been identified in Apache 1.3.34/2.0.57/2.2.1. The flaw specifically exists in the Expect header. Attackers can exploit this flaw by appending malformed Expect headers in outgoing HTTP requests and redirect users to Web sites of their choice...

2.1 AI score
Exploits: 0

NVD
added 2006/06/02 12:2 a.m., 11 views

CVE-2006-2309

The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files...

4 CVSS, 6.4 AI score, 0.00229 EPSS
Exploits: 0, References: 8

Cvelist
added 2006/06/02 12:0 a.m., 14 views

CVE-2006-2309

The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files...

6.4 AI score, 0.00229 EPSS
Exploits: 0, References: 8

Packet Storm
added 2006/05/21 12:0 a.m., 43 views

SEC-20060512-0.txt

SEC Consult Security Advisory 20060512-0 ============================================================== title: Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure program: Symantec Enterprise FW vulnerable version: 8.0 homepage: www.symantec.com found: 2005-09-13 by: SEC Consult /...

7.4 AI score
Exploits: 0

exploitpack
added 2006/05/17 12:0 a.m., 10 views

Ipswitch WhatsUp Professional 2006 - Authentication Bypass

Ipswitch WhatsUp Professional 2006 - Authentication Bypass source: https://www.securityfocus.com/bid/18019/info Ipswitch WhatsUp Professional 2006 is susceptible to a remote authentication-bypass vulnerability. This issue allows remote attackers to gain administrative access to the web-based...

Exploits: 0