3704 matches found

NVD
added 2014/05/30 2:55 p.m., 16 views

CVE-2012-5877

Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name...

CVSS 5, AI score 6.5, EPSS 0.1387
Exploits 5, References 6
Cvelist
added 2014/05/30 2:0 p.m., 19 views

CVE-2012-5877

Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name...

AI score 6.5, EPSS 0.1387
Exploits 5, References 6
CVE
added 2014/05/30 2:0 p.m., 56 views

CVE-2012-5877

CVE-2012-5877 concerns Nero MediaHome Server (Product: Nero MediaHome, vulnerable through NMMediaServer.dll) with versions up to 4.5.8.0. The available documents describe a denial-of-service via malformed HTTP handling, notably a NULL pointer dereference triggered by ill-formed HTTP headers (e.g....

CVSS 5, AI score 6.6, EPSS 0.1387
Exploits 5, References 6, Affected Software 1
0day.today
added 2014/05/25 12:0 a.m., 38 views

phpnuke 8.3 Sql Injection Vulnerability

Exploit for php platform in category web applications author : ali ahmady -- Iranian security researcher email : snip3rirathotmail.com greets : b0x , PhantomX , VIRkid , email protected , zeus REKCAH , milad22 google dork : inurl: modules.php?name=SubmitNews at post review level you can inject...

AI score 7.1
Exploits 0
FreeBSD
added 2014/05/23 12:0 a.m., 38 views

tomcat -- multiple vulnerabilities

Tomcat Security Team reports: Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...

AI score 8.3
Exploits 0, References 3
Hacker One
added 2014/05/19 8:12 a.m., 86 views

Secret: Content Sniffing not disabled

URL :- https://www.secret.ly/ Issue description :- There was no "X-Content-Type-Options" HTTP header with the value nosniff set in the response. The lack of this header causes certain browsers to try to determine the content type and encoding of the response even when these properties are...

AI score 0.1
Exploits 0
Hacker One
added 2014/05/18 1:22 p.m., 34 views

ReddAPI: Content Sniffing not disabled

URL :- https://api.reddapi.com/ Issue description :- There was no "X-Content-Type-Options" HTTP header with the value nosniff set in the response. The lack of this header causes certain browsers to try to determine the content type and encoding of the response even when these properties are...

AI score 0.1
Exploits 0
Amazon
added 2014/05/06 12:0 a.m., 34 views

Medium: mod24_security

Issue Overview: apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. Affected Packages: mod24_security Issue Correction: Run yum update mod24_security or yum...

CVSS 5, AI score 6.4, EPSS 0.00842
Exploits 2
securityvulns
added 2014/05/04 12:0 a.m., 101 views

APPLE-SA-2014-04-22-3 Apple TV 6.1.1

APPLE-SA-2014-04-22-3 Apple TV 6.1.1 Apple TV 6.1.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker in a privileged network position can obtain web site credentials Descriptio...

CVSS 10, AI score 0.2, EPSS 0.44818
Exploits 14
NVD
added 2014/04/23 8:55 p.m., 14 views

CVE-2011-5279

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header...

CVSS 5, AI score 6.9, EPSS 0.08547
Exploits 1, References 6
Prion
added 2014/04/23 8:55 p.m., 10 views

Crlf injection

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header...

CVSS 5, AI score 7.4, EPSS 0.08547
Exploits 1, References 6, Affected Software 1
Cvelist
added 2014/04/23 8:0 p.m., 21 views

CVE-2011-5279

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header...

AI score 6.9, EPSS 0.08547
Exploits 1, References 6
NVD
added 2014/04/23 11:52 a.m., 21 views

CVE-2014-1296

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP...

CVSS 4.3, AI score 5.8, EPSS 0.00207
Exploits 0, References 3
CVE
added 2014/04/23 10:0 a.m., 62 views

CVE-2014-1296

CFNetwork in iOS before 7.1.1, OS X up to 10.9.2, and Apple TV before 6.1.1 mishandles incomplete Set-Cookie headers, allowing a remote attacker to bypass access restrictions by closing the TCP connection during header transmission (HTTPOnly). Public fix/version not specified in the provided docu...

CVSS 4.3, AI score 5.9, EPSS 0.00207
Exploits 0, References 3, Affected Software 1
Cvelist
added 2014/04/23 10:0 a.m., 33 views

CVE-2014-1296

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP...

AI score 5.8, EPSS 0.00207
Exploits 0, References 3
Hacker One
added 2014/04/21 4:55 a.m., 29 views

OkCupid: Reflected XSS on www.okcupid.com/signup

Reflected XSS on www.okcupid.com/signup I'm using Live HTTP Header for this bug. 1 Go to https://www.okcupid.com/signup 2 Click on continue 3 Enter details 4 Live HTTP Headers or any HTTP Editor should be running before clicking "Next" button. 5 Edit the following POST Headers : Host:...

AI score 6.3
Exploits 0
CVE
added 2014/04/18 7:0 p.m., 79 views

CVE-2014-2286

CVE-2014-2286 affects Asterisk Open Source by vulnerable main/http.c in 1.8.x <1.8.26.1, 11.8.x <11.8.1, and 12.1.x <12.1.1 (and Certified Asterisk

CVSS 7.5, AI score 7.6, EPSS 0.14756
Exploits 1, References 7, Affected Software 2
OSV
added 2014/04/15 10:55 a.m., 2 views

CVE-2013-5705

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...

AI score 6.3
Exploits 0, References 5
Prion
added 2014/04/15 10:55 a.m., 19 views

Authentication flaw

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...

CVSS 5, AI score 7, EPSS 0.00842
Exploits 2, References 3, Affected Software 2
CVE
added 2014/04/15 10:0 a.m., 106 views

CVE-2013-5705

Affected software: ModSecurity (Apache module) before 2.7.6. Root cause: flawed handling of chunked Transfer-Encoding with a capitalized Chunked value in the HTTP header. Impact: remote attackers can bypass mod_security rules. Remediation: upgrade to ModSecurity 2.7.6 or newer (as cited by multip...

CVSS 5, AI score 6, EPSS 0.00842
Exploits 2, References 3, Affected Software 1