5900 matches found
CVE-2002-2009
Affected software: Apache Tomcat 4.0.1. Vulnerability: Information disclosure where remote attackers can obtain the web root/pathname by triggering error pages for JSP requests that use a leading sequence (+/, >/,
CVE-2002-2009
Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message...
CVE-2000-1235
Oracle IAS 3.0.7 and earlier are affected by CVE-2000-1235 due to default configurations of the port listener and mod_plsql, enabling remote attackers to view privileged database information via HTTP requests for DAD files. Affected component is the mod_plsql DAD handling exposed by default; root...
CVE-2001-1556
Technical details for CVE-2001-1556 are not publicly provided in the connected documents. Monitor for updates.
CVE-2002-1994
advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 allows remote attackers to cause a denial of service via multiple HTTP requests containing a single carriage return/line feed (CRLF) sequence...
CVE-2002-2007
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allow remote attackers to obtain sensitive system information, such as directory listings and the web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4)...
CVE-2002-1999
HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow remote attackers to cause Webproxy to forward requests to the internal network via crafted HTTP requests...
CVE-2002-2025
CVE-2002-2025 affects Lotus Domino server 5.0.9a and earlier. The vulnerability allows remote attackers to cause a denial of service by exhausting the server’s working threads via a high volume of HTTP requests for (1) an MS-DOS device name and (2) an MS-DOS device name with a long appended name....
CVE-2005-2201
Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows attackers to cause a denial of service or access files via crafted HTTP requests...
CVE-2005-2201
CVE-2005-2201 affects the MicroServer Web Server used by Xerox WorkCentre Pro Color devices (models 2128, 2636, 3545) with firmware versions 0.001.04.044–0.001.04.504. The vulnerability allows an attacker to cause a denial of service or access files via crafted HTTP requests. Current documents co...
punBB < 1.2.6 profile.php $temp Parameter SQL Injection (deprecated)
Binary data 3058.prm...
PHPAUCTION Multiple Vulnerabilities
Binary data 3055.prm...
WordPress 1.5.1.2 - xmlrpc Interface SQL Injection
#!/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML R...
CVE-2002-1906
The CVE-2002-1906 issue affects Polycom ViaVideo web server versions 2.2 and 3.0. The vulnerability is a denial-of-service caused by remote attackers sending incomplete HTTP requests and keeping connections open, which leads to CPU consumption/lockups. The available connected sources (OpenVAS NAS...
Microsoft ISA Server HTTP Request Smuggling Vulnerability
Description: Microsoft Internet Security and Acceleration (ISA) Server is reported prone to an HTTP request smuggling attack. The vendor reports that Microsoft ISA Server fails to correctly handle an invalid HTTP request that contains multiple 'Content-Length' values in an invalid HTTP header. A remo...
CVE-2005-1836
NEXTWEB (i)Site allows remote attackers to cause a denial of service (error 500) via a crafted HTTP request, possibly involving wildcard requests for .jsp files...
CVE-2004-2117
Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via malformed HTTP requests such as (1) a GET request without the HTTP version (HTTP/1.1), or (2) a request without GET or the HTTP version...
CVE-2004-2117
CVE-2004-2117: The Tiny Server 1.1 product is affected. It allows remote attackers to cause a denial of service (crash) by sending malformed HTTP requests, such as a GET request without an HTTP version (HTTP/1.1) or a request lacking both GET and the HTTP version. The provided documents do not i...
CVE-2004-1804
wMCam server 2.1.348 allows remote attackers to cause a denial of service (no new connections) via multiple malformed HTTP requests without the GET command...