Lucene search

3704 matches found

0day.today
added 2011/04/23 12:0 a.m. | 233 views

ZenPhoto 1.4.0.3 x-forwarded-for HTTP Header persistent XSS

Exploit for php platform in category web applications Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header persistent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version: 1.4.0.3 latest updated...

7.1 AI score
Exploits: 0

exploitpack
added 2011/04/22 12:0 a.m. | 8 views

ZenPhoto 1.4.0.3 - x-forwarded-for HTTP Header Persistent Cross-Site Scripting

ZenPhoto 1.4.0.3 - x-forwarded-for HTTP Header Persistent Cross-Site Scripting Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header persistent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version:...

6.8 AI score
Exploits: 0

Exploit DB
added 2011/04/22 12:0 a.m. | 30 views

ZenPhoto 1.4.0.3 - x-forwarded-for HTTP Header Persistent Cross-Site Scripting

Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header persistent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version: 1.4.0.3 latest updated 2011-4-19 Tested on: FF 3.0.15, IE 8 Info: Zenphoto is an...

7 AI score
Exploits: 0

Packet Storm
added 2011/04/22 12:0 a.m. | 27 views

ZenPhoto 1.4.0.3 Cross Site Scripting

Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header persistent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version: 1.4.0.3 latest updated 2011-4-19 Tested on: FF 3.0.15, IE 8 Info: Zenphoto is an...

7.4 AI score
Exploits: 0

NVD
added 2011/04/04 12:27 p.m. | 31 views

CVE-2010-4235

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header...

10 CVSS | 7.5 AI score | 0.04348 EPSS
Exploits: 1 | References: 2

Prion
added 2011/04/04 12:27 p.m. | 21 views

Format string

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header...

10 CVSS | 8.2 AI score | 0.04348 EPSS
Exploits: 1 | References: 2 | Affected Software: 2

Cvelist
added 2011/04/01 9:0 p.m. | 38 views

CVE-2010-4235

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header...

7.5 AI score | 0.04348 EPSS
Exploits: 1 | References: 2

OpenVAS
added 2011/03/22 12:0 a.m. | 26 views

Ruby on Rails Logfile Injection Vulnerability (Mar 2011)

Ruby on Rails is prone to a file injection vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rubyonrails:rails";...

4.3 CVSS | 7 AI score | 0.08484 EPSS
Exploits: 1 | References: 4

OpenVAS
added 2011/03/05 12:0 a.m. | 31 views

FreeBSD Ports: bugzilla

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

9.3 CVSS | 8.9 AI score | 0.07898 EPSS
Exploits: 0 | References: 14

ThreatPost
added 2011/02/25 7:34 p.m. | 190 views

Microsoft Submits Tracking Protection Proposal to W3C

Microsoft has submitted its proposal for web tracking protection to the W3C for consideration as a standard, hoping to get the organization’s stamp of approval for its browser privacy technology. The proposal is in the earliest stages of the process and has not been approved, a process that can...

9.3 CVSS | 8.4 AI score | 0.94354 EPSS
Exploits: 33 | References: 10

exploitpack
added 2011/02/20 12:0 a.m. | 36 views

Icy Phoenix 1.3.0.53a - HTTP Referer Persistent Cross-Site Scripting

Icy Phoenix 1.3.0.53a - HTTP Referer Persistent Cross-Site Scripting Exploit Title: Icy Phoenix 1.3.0.53a http referer stored XSS Google Dork: " Powered by Icy Phoenix " Date: 16-2-2011 Author: Saif El-Sherei Software Link: http://www.icyphoenix.com/dload.php?action=file&fileid=171 Version: Icy...

6.8 AI score
Exploits: 0

exploitpack
added 2011/02/16 12:0 a.m. | 34 views

Ruby on Rails 3.0.5 - WEBrick::HTTPRequest Module HTTP Header Injection

Ruby on Rails 3.0.5 - WEBrick::HTTPRequest Module HTTP Header Injection source: https://www.securityfocus.com/bid/46423/info Ruby on Rails is prone to a vulnerability that allows attackers to inject arbitrary content into the 'X-Forwarded-For', 'X-Forwarded-Host' and 'X-Forwarded-Server' HTTP...

7.8 AI score
Exploits: 0

0day.today
added 2011/02/08 12:0 a.m. | 16 views

JAKCMS 2.0 PRO RC5 stored XSS via useragent HTTP header Injection

Exploit for php platform in category web applications Exploit Title: JAKCMS 2.0 PRO RC5 stored XSS via useragent HTTP header Injection Date: 7-2-2011 Author: Saif El-Sherei Software Link: http://php.opensourcecms.com/scripts/redirect/download.php?id=480 Version: JAKCMS PRO 2.0 RC5 and probably...

7.1 AI score
Exploits: 0

OpenVAS
added 2011/02/07 12:0 a.m. | 12 views

SDP Downloader HTTP Header Handling Buffer Overflow Vulnerability

This host is installed with SDP Downloader and is prone to buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gbsdpdownloaderhttpheaderbofvuln.nasl 7052 2017-09-04 11:50:51Z teissa $ SDP Downloader HTTP Header Handling Buffer Overflow Vulnerability Authors: Sooraj KS Copyright:...

0.5 AI score
Exploits: 0 | References: 3

Cvelist
added 2011/02/01 5:0 p.m. | 21 views

CVE-2011-0733

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file...

5.6 AI score | 0.01688 EPSS
Exploits: 1 | References: 6

Prion
added 2011/01/31 8:0 p.m. | 17 views

Stack overflow

Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) th...

10 CVSS | 8.3 AI score | 0.03134 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2011/01/31 7:0 p.m. | 23 views

CVE-2010-4714

Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) th...

7.8 AI score | 0.03134 EPSS
Exploits: 0 | References: 4

OpenVAS
added 2011/01/31 12:0 a.m. | 8 views

Weborf 'get_param_value()' Function HTTP Header Handling Denial Of Service Vulnerability

Weborf is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users. Versions prior to Weborf 0.12.5 are vulnerable. OpenVAS Vulnerability Test $Id: gbweborf46054.nasl 7015 2017-08-28 11:51:24Z teissa...

0.1 AI score
Exploits: 0 | References: 3

Prion
added 2011/01/20 7:0 p.m. | 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but n...

4.3 CVSS | 6 AI score | 0.00499 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2011/01/20 6:0 p.m. | 19 views

CVE-2011-0508

Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but n...

5.6 AI score | 0.00499 EPSS
Exploits: 0 | References: 7