
3704 matches found

Tenable Nessus
added 2015/05/21 12:0 a.m., 12 views

Squid 3.x < 3.2.9 / 3.3.x < 3.3.3 DoS

Binary data 8635.prm...

7.3 AI score
Exploits 0, References 3
Tenable Nessus
added 2015/05/21 12:0 a.m., 27 views

Squid < 3.1.1 HTTP Header Injection

Binary data 8698.prm...

4.3 CVSS, 7.3 AI score, 0.04383 EPSS
Exploits 0, References 5
Check Point Advisories
added 2015/05/18 12:0 a.m., 6 views

HP OpenView Network Node Manager Accept-Language Buffer Overflow - Ver2 (CVE-2009-4179)

A stack buffer overflow exists in HP OpenView Network Node Manager NNM CGI program ovalarm.exe. The vulnerability is due to a boundary error when processing the Accept-Language HTTP header and the OvAcceptLang cookie value in a crafted HTTP request. A remote unauthenticated attacker can exploit...

10 CVSS, 1.9 AI score, 0.77533 EPSS
Exploits 8
Mozilla
added 2015/05/12 12:0 a.m., 34 views

Referrer policy ignored when links opened by middle-click and context menu — Mozilla

Security researcher Alex Verstak reported that is ignored when a link is opened through the context menu or a middle-click by mouse. This means that, in some situations, the referrer policy is ignored when opening links in new tabs and may cause some pages to open without an HTTP Referer header...

4.3 CVSS, 8.8 AI score, 0.00519 EPSS
Exploits 0, References 2, Affected Software 2
securityvulns
added 2015/05/11 12:0 a.m., 155 views

vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability

Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage: vBulletin.com + Tested on: vBulletin 4.2.2 + Greeting : Ali Razmjoo -...

7.8 AI score
Exploits 0
Metasploit
added 2015/05/08 8:8 p.m., 40 views

F5 BigIP HTTP Virtual Server Scanner

This module scans for BigIP HTTP virtual servers using banner grabbing. The BigIP system uses different HTTP profiles for managing HTTP traffic, and these profiles allow customizing the string used as the Server HTTP header. The default values are "BigIP" or "BIG-IP" depending on the BigIP system version...

7.4 AI score
Exploits 0
Hacker One
added 2015/05/05 9:26 a.m., 27 views

Concrete CMS: Unsafe usage of Host HTTP header in Concrete5 version 5.7.3.1

Concrete5 is affected by a design issue related to the Host HTTP header. Such header is being used to define the base URL for the application. Since the Host header can be arbitrarily manipulated by an attacker, this can have some security impacts...

6.8 AI score
Exploits 0
NVD
added 2015/04/23 2:0 a.m., 17 views

CVE-2015-0706

Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966...

5.8 CVSS, 6.6 AI score, 0.00062 EPSS
Exploits 0, References 1
Prion
added 2015/04/23 2:0 a.m., 19 views

Open redirect

Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966...

5.8 CVSS, 7 AI score, 0.00062 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2015/04/23 1:0 a.m., 23 views

CVE-2015-0706

Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966...

6.6 AI score, 0.00062 EPSS
Exploits 0, References 1
Cisco
added 2015/04/22 3:31 p.m., 23 views

Cisco FireSIGHT Management Center Web Framework HTTP Header Redirection Vulnerability

A vulnerability in the web framework of Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to inject a crafted HTTP header that causes users to be redirected to a malicious website. The vulnerability is due to insufficient validation of user input before it is used ...

4.3 CVSS, 6.2 AI score, 0.00062 EPSS
Exploits 0, References 1
myhack58
added 2015/04/19 12:0 a.m., 39 views

Ali security research labs: IIS server vulnerability analysis-vulnerability warning-the black bar safety net

On April 15, Microsoft's patch day, Microsoft released a number of high-risk vulnerabilities. Of these, MS15-034 has the widest impact: it can cause an IIS server to blue-screen and crash and, in special circumstances, may lead to information disclosure. Alibaba security research...

0.6 AI score
Exploits 0
myhack58
added 2015/04/18 12:0 a.m., 29 views

The IIS server vulnerability analysis-vulnerability warning-the black bar safety net

On April 15, Microsoft's patch day, Microsoft released a number of high-risk vulnerabilities. Of these, MS15-034 has the widest impact: it can cause an IIS server to blue-screen and crash and, in special circumstances, may lead to information disclosure. Alibaba security research...

7.5 AI score
Exploits 0
CNVD
added 2015/04/10 12:0 a.m., 2 views

Apple Mac OS X Cross-Domain HTTP Request Header Authentication Credentials Disclosure Vulnerability

Apple Mac OS X is an operating system developed by Apple Inc. A cross-domain HTTP request header validation credential disclosure vulnerability exists in Apple Mac OS X CFNetwork Session Handling Redirection, which allows attackers to exploit the vulnerability to obtain sensitive information...

4.3 CVSS, 6.4 AI score, 0.00498 EPSS
Exploits 0, References 1
0day.today
added 2015/04/08 12:0 a.m., 26 views

Wordpress Traffic Analyzer Plugin 3.4.2 - Blind SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress plugin 'Traffic Analyzer' Blind SQL Injection Google Dork: inurl:/plugins/trafficanalyzer/js/ Date: 4/7/2015 Exploit Author: Dan King @fuzztester Vendor Homepage: http://wptrafficanalyzer.in/ Software Link:...

7.1 AI score
Exploits 0
Exploit DB
added 2015/04/08 12:0 a.m., 23 views

WordPress Plugin Traffic Analyzer 3.4.2 - Blind SQL Injection

Exploit Title: Wordpress plugin 'Traffic Analyzer' Blind SQL Injection Google Dork: inurl:/plugins/trafficanalyzer/js/ Date: 4/7/2015 Exploit Author: Dan King @fuzztester Vendor Homepage: http://wptrafficanalyzer.in/ Software Link: https://wordpress.org/plugins/trafficanalyzer/ Version: 3.4.2...

7.4 AI score
Exploits 0
Hacker One
added 2015/04/03 12:44 p.m., 102 views

Snapchat: Captcha Bypass in Snapchat's Geofilter Submission Process

Hi, Overview: Snapchat provides a form in which users can submit "Geofilters". These are filters which get applied to users snaps when they are in specific geolocations. The form https://www.snapchat.com/geofilters/submit.html allows for the submission of these "Geofilters" as an anonymous user...

6.3 AI score
Exploits 0
0day.today
added 2015/03/20 12:0 a.m., 50 views

Citrix Netscaler NS10.5 - WAF Bypass Via HTTP Header Pollution Vulnerability

Exploit for linux platform in category web applications Exploit Title: Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution Date: Mar 13, 2015 Exploit Author: BGA Security Vendor Homepage: http://www.citrix.com/ Version: NS10.5 Tested on: NetScaler NS10.5: Build 50.9.nc, Document Title:...

7.1 AI score
Exploits 0
CNVD
added 2015/03/19 12:0 a.m., 3 views

Citrix Netscaler NS10.5 HTTP Header Contamination WAF Bypass Vulnerability

Citrix NetScaler is a network traffic management product. A security vulnerability exists in Citrix NetScaler that allows attackers to bypass WAF protection via HTTP header pollution for unauthorized access...

6.8 AI score
Exploits 0, References 1
Packet Storm
added 2015/03/14 12:0 a.m., 30 views

Citrix Netscaler NS10.5 WAF Bypass

Document Title: Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution. Release Date: 12 Mar 2015. Product & Service Introduction: Citrix NetScaler AppFirewall is a comprehensive application security solution that blocks known and unknown...

0.1 AI score
Exploits 0