3704 matches found

Prion
added 2012/10/08 11:55 p.m. | 9 views

Null pointer dereference

at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long string in an HTTP header field, as demonstrated using the If-Unmodified-Since field...

CVSS 5 | AI score 7.1 | EPSS 0.00746
Exploits 1 | References 4 | Affected Software 1
Cvelist
added 2012/10/08 11:0 p.m. | 16 views

CVE-2012-5332

at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long string in an HTTP header field, as demonstrated using the If-Unmodified-Since field...

AI score 6.6 | EPSS 0.00746
Exploits 1 | References 4
CVE
added 2012/10/08 11:0 p.m. | 43 views

CVE-2012-5332

Summary: CVE-2012-5332 affects at32 Reverse Proxy 1.060.310 and is caused by processing an overly long HTTP header (demonstrated with the If-Unmodified-Since header), leading to a NULL pointer dereference and a DoS (application crash). Details from connected sources: Multiple CVE records (NVD, CV...

CVSS 5 | AI score 6.8 | EPSS 0.00746
Exploits 1 | References 4 | Affected Software 1
Tenable Nessus
added 2012/10/05 12:0 a.m. | 51 views

Ubuntu 10.04 LTS / 11.04 / 11.10 : python2.6 vulnerabilities (USN-1596-1)

It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform...

CVSS 6.9 | AI score 6.7 | EPSS 0.09965
Exploits 12 | References 11
Tenable Nessus
added 2012/10/02 12:0 a.m. | 38 views

Novell GroupWise Internet Agent Request Content-Length Header Parsing Remote Overflow

Binary data groupwiseiacve-2012-0271.nbin...

CVSS 10 | AI score 6.5 | EPSS 0.27562
Exploits 1 | References 3
Gentoo Linux
added 2012/09/27 12:0 a.m. | 32 views

mod_rpaf: Denial of service

Background: mod_rpaf is a reverse proxy add forward module for backend Apache servers. Description: An error has been found in the way mod_rpaf handles X-Forwarded-For headers. Please review the CVE identifier referenced below for details. Impact: A remote attacker could send a specially crafted HTTP...

CVSS 5 | AI score 6.4 | EPSS 0.01928
Exploits 0
OpenVAS
added 2012/09/24 12:0 a.m. | 43 views

PHP < 5.3.11, 5.4.0 < 5.4.1 RC1 HTTP Header Injection Vulnerability

PHP is prone to an HTTP header injection vulnerability...

CVSS 4.3 | AI score 7 | EPSS 0.07905
Exploits 2 | References 7
OpenVAS
added 2012/09/20 12:0 a.m. | 90 views

Siemens SIMATIC WinCC HMI Web Server Multiple Input Validation Vulnerabilities - Active Check

Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a directory-traversal issue, and an arbitrary memory-read access issue because the application fails to properly sanitize user-supplied input...

CVSS 8.5 | AI score 6.4 | EPSS 0.32647
Exploits 0 | References 4
NVD
added 2012/09/19 7:55 p.m. | 12 views

CVE-2012-4999

Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service (service hang) via a crafted string in HTTP header fields such as (1) If-Modified-Since, (2) If-None-Match, or (3) If-Unmodified-Since. NOTE: some of these details are obtained from third party...

CVSS 6.1 | AI score 6.6 | EPSS 0.07674
Exploits 1 | References 4
CVE
added 2012/09/19 7:0 p.m. | 43 views

CVE-2012-4999

The vulnerability CVE-2012-4999 affects Mercury MR804 Router firmware (version 8.0 3.8.1 Build 101220 Rel.53006nB). The issue arises from how HTTP header fields (notably If-Modified-Since, If-None-Match, and If-Unmodified-Since) are processed, allowing remote attackers to cause a denial of servic...

CVSS 6.1 | AI score 6.8 | EPSS 0.07674
Exploits 1 | References 4 | Affected Software 2
Cvelist
added 2012/09/19 7:0 p.m. | 17 views

CVE-2012-4999

Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service (service hang) via a crafted string in HTTP header fields such as (1) If-Modified-Since, (2) If-None-Match, or (3) If-Unmodified-Since. NOTE: some of these details are obtained from third party...

AI score 6.6 | EPSS 0.07674
Exploits 1 | References 4
Prion
added 2012/09/19 10:57 a.m. | 19 views

Integer overflow

Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a...

CVSS 10 | AI score 8.6 | EPSS 0.27562
Exploits 1 | References 4 | Affected Software 1
Prion
added 2012/09/18 2:55 p.m. | 20 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header...

CVSS 4.3 | AI score 6 | EPSS 0.00589
Exploits 0 | References 3 | Affected Software 2
CVE
added 2012/09/05 8:0 p.m. | 529 views

CVE-2011-4451

WikkaWiki 1.3.1 and 1.3.2 are affected by a remote PHP code injection vulnerability in the spam-logging path when spam_logging is enabled. The issue allows an attacker to supply PHP code via the User-Agent header in addcomment requests to write to the spamlog_path file. Vendor disputes this issue...

CVSS 4.3 | AI score 7.1 | EPSS 0.63617
Exploits 8 | References 1 | Affected Software 1
OpenVAS
added 2012/08/30 12:0 a.m. | 15 views

Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities

Ad Manager Pro is prone to multiple SQL injection and cross-site scripting vulnerabilities...

AI score 7
Exploits 0 | References 5
Exploit DB
added 2012/08/24 12:0 a.m. | 38 views

Ad Manager Pro - Multiple Vulnerabilities

Ad Manager Pro. Bug discovered by Yakir Wizman. Date: 24/08/2012. Vendor Homepage - http://www.phpwebscripts.com/ad-manager-pro/ Demo - http://www.scripts-demo.com/admanagerpro/ ISRAEL...

AI score 7.4
Exploits 0
OSV
added 2012/08/13 11:55 p.m. | 8 views

CVE-2012-2330

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...

AI score 6.4
Exploits 0 | References 9
OwnCloud
added 2012/08/10 5:9 p.m. | 52 views

HTTP header injection - ownCloud

A header injection vulnerability in ownCloud before 4.0.8 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the HTTP url path parameter to index.php. Affected Software: ownCloud Server 4.0.8. CVE-2012-5057. Action Taken: It is...

CVSS 4.3 | AI score 6.6 | EPSS 0.00345
Exploits 0 | Affected Software 1
Tenable Nessus
added 2012/08/01 12:0 a.m. | 42 views

Scientific Linux Security Update : httpd on SL6.x i386/x86_64

The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy fla...

CVSS 7.8 | AI score 7.5 | EPSS 0.90456
Exploits 30 | References 3
Tenable Nessus
added 2012/08/01 12:0 a.m. | 35 views

Scientific Linux Security Update : firefox on SL5.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203) A flaw was...

CVSS 10 | AI score 9 | EPSS 0.42703
Exploits 7 | References 12