1746 matches found
Kolibri WebServer HTTP GET Request Handling Buffer Overflow
Added: 08/07/2014. CVE: CVE-2014-4158. BID: 68195. OSVDB: 108090. Background: SENKAS Kolibri Webserver is a free, very simple web server for Microsoft Windows that supports serving static web content. Problem: Kolibri Webserver is vulnerable to a stack buffer overflow as a result of failure to properly...
Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms
High-Tech Bridge Security Research Lab discovered two vulnerabilities in Forma Lms, which can be exploited to perform Cross-Site Scripting (XSS) attacks against a vulnerable website. 1) Reflected Cross-Site Scripting (XSS) in Forma Lms: CVE-2014-5257. 1.1 The vulnerability exists due to insufficient...
BitDefender Products HTTP Daemon < 5.1.11.432 Directory Traversal Vulnerability - Active Check
BitDefender is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
WordPress Game-Tabs plugin 'n' Parameter Cross Site Scripting Vulnerability
WordPress Game-Tabs Plugin is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache JackRabbit 2.0.0 webapp XPath Injection
No description provided by source. Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip Description:...
Invision Power Board 1.x Unauthorized Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13802/info Invision Power Board is affected by an unauthorized access vulnerability. Reportedly, a moderator can edit forum posts owned by other moderators through an HTTP GET request without providing sufficient...
Snowblind Web Server 1.0/1.1 HTTP GET Request Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7619/info Snowblind Web Server has been reported prone to a buffer overflow vulnerability. The vulnerability exists when the web server attempts to process HTTP requests of excessive length. Although unconfirmed, this...
Loom Software SurfNow 1.x/2.x Remote HTTP GET Request Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9519/info A problem has been identified in the handling of specific types of requests by SurfNOW. Upon receiving specially crafted HTTP GET requests, it is possible for a remote attacker to crash a vulnerable...
Cerbere Proxy Server 1.2 Long Host Header Field Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11085/info Cerbère Proxy server is reported prone to a remote denial of service vulnerability. This issue presents itself when a remote attacker sends a malformed HTTP GET request to the server. A remote attacker may caus...
Asn Guestbook 1.5 - header.php version Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14356/info Asn Guestbook is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issu...
ONO Hitron CDE-30364 Router - Denial of Service
No description provided by source. #!/usr/bin/python Description: Hitron Technologies CDE-30364 is a famous ONO Router...
Red Hat Apache 2.0.40 Directory Index Default Configuration Error
No description provided by source. source: http://www.securityfocus.com/bid/8898/info The Red Hat Apache configuration may allow an attacker to view directory listings. The problem is reported to present itself when an attacker issues an HTTP GET request to a vulnerable server containing '//'...
GoAhead WebServer 2.1.x Directory Management Policy Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9450/info GoAhead WebServer is prone to a vulnerability that may permit remote attackers to bypass directory management policy. It is reported that certain syntax may be used in HTTP GET requests to bypass the policy for...
InternetNow ProxyNow 2.6/2.75 Multiple Stack and Heap Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/9500/info ProxyNow has been reported to be prone to multiple overflow vulnerabilities that may allow an attacker to execute arbitrary code in order to gain unauthorized access to a vulnerable system. The vulnerabilities...
SurgeLDAP 1.0 d Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8406/info SurgeLDAP is prone to a path disclosure vulnerability. It is possible to gain access to sensitive path information by issuing an HTTP GET request for an invalid resource. This issue exists in the web server...
XtreamerPRO Media-player 2.6.0 & 2.7.0 - Multiple Vulnerabilities
No description provided by source. Exploit Title: XtreamerPRO Media-player and streamer multiple vulnerabilities Google Dork: intitle:Xtreamer Media Server + 2009 Xtreamer.net, All right reserved. Date: 15/05/2011 Author: Itzik Chen Software Link: www.xtreamer.net Version: ver 2.6.0, 2.7.0 Tested...
Microsoft IIS 5.0 False Content-Length Field DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3667/info Microsoft IIS 5.0 may be prone to a denial of service condition when sent a specially crafted malformed HTTP GET header. If an IIS 5.0 web server is sent a crafted HTTP GET request which contains a falsified and...
Microsoft IIS 5.0 "Translate: f" Source Disclosure Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/1578/info Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then...
IPSwitch IMail 6.x/7.0/7.1 Web Messaging HTTP Get Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5323/info IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft Operating Systems. The web messaging server is vulnerable to a buffer...