3714 matches found

exploitpack
added 2011/02/20 12:0 a.m. | 36 views

Icy Phoenix 1.3.0.53a - HTTP Referer Persistent Cross-Site Scripting

Icy Phoenix 1.3.0.53a - HTTP Referer Persistent Cross-Site Scripting Exploit Title: Icy Phoenix 1.3.0.53a http referer stored XSS Google Dork: " Powered by Icy Phoenix " Date: 16-2-2011 Author: Saif El-Sherei Software Link: http://www.icyphoenix.com/dload.php?action=file&fileid=171 Version: Icy...

6.8 AI score
Exploits 0

exploitpack
added 2011/02/16 12:0 a.m. | 35 views

Ruby on Rails 3.0.5 - WEBrick::HTTPRequest Module HTTP Header Injection

Ruby on Rails 3.0.5 - WEBrick::HTTPRequest Module HTTP Header Injection source: https://www.securityfocus.com/bid/46423/info Ruby on Rails is prone to a vulnerability that allows attackers to inject arbitrary content into the 'X-Forwarded-For', 'X-Forwarded-Host' and 'X-Forwarded-Server' HTTP...

7.8 AI score
Exploits 0

0day.today
added 2011/02/08 12:0 a.m. | 16 views

JAKCMS 2.0 PRO RC5 stored XSS via useragent HTTP header Injection

Exploit for php platform in category web applications Exploit Title: JAKCMS 2.0 PRO RC5 stored XSS via useragent HTTP header Injection Date: 7-2-2011 Author: Saif El-Sherei Software Link: http://php.opensourcecms.com/scripts/redirect/download.php?id=480 Version: JAKCMS PRO 2.0 RC5 and probably...

7.1 AI score
Exploits 0

OpenVAS
added 2011/02/07 12:0 a.m. | 13 views

SDP Downloader HTTP Header Handling Buffer Overflow Vulnerability

This host is installed with SDP Downloader and is prone to buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gbsdpdownloaderhttpheaderbofvuln.nasl 7052 2017-09-04 11:50:51Z teissa $ SDP Downloader HTTP Header Handling Buffer Overflow Vulnerability Authors: Sooraj KS Copyright:...

0.5 AI score
Exploits 0 | References 3

Cvelist
added 2011/02/01 5:0 p.m. | 22 views

CVE-2011-0733

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file...

5.6 AI score | 0.04085 EPSS
Exploits 1 | References 6

Prion
added 2011/01/31 8:0 p.m. | 17 views

Stack overflow

Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) th...

10 CVSS | 8.3 AI score | 0.06121 EPSS
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2011/01/31 7:0 p.m. | 26 views

CVE-2010-4714

Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) th...

7.8 AI score | 0.06121 EPSS
Exploits 0 | References 4

OpenVAS
added 2011/01/31 12:0 a.m. | 9 views

Weborf 'get_param_value()' Function HTTP Header Handling Denial Of Service Vulnerability

Weborf is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users. Versions prior to Weborf 0.12.5 are vulnerable. OpenVAS Vulnerability Test $Id: gbweborf46054.nasl 7015 2017-08-28 11:51:24Z teissa...

0.1 AI score
Exploits 0 | References 3

Prion
added 2011/01/20 7:0 p.m. | 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP_X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but n...

4.3 CVSS | 6 AI score | 0.0192 EPSS
Exploits 0 | References 7 | Affected Software 1

Cvelist
added 2011/01/20 6:0 p.m. | 19 views

CVE-2011-0508

Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP_X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but n...

5.6 AI score | 0.0192 EPSS
Exploits 0 | References 7

OpenVAS
added 2011/01/03 12:0 a.m. | 66 views

Mongoose Web Server 'Content-Length' HTTP Header Remote DoS Vulnerability

Mongoose Web Server is prone to a remote denial of service (DoS) vulnerability because it fails to handle specially crafted input. Copyright (C) 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...

7.3 AI score
Exploits 0 | References 2

Tenable Nessus
added 2010/12/29 12:0 a.m. | 30 views

Novell iPrint Client < 5.56 Multiple Vulnerabilities

The version of Novell iPrint Client installed on the remote host is earlier than 5.56. Such versions are reportedly affected by one or more of the following vulnerabilities that can allow for arbitrary code execution : - The iPrint ActiveX control fails to sanitize input to the 'GetDriverSettings...

9.3 CVSS | 6.2 AI score | 0.32951 EPSS
Exploits 11 | References 16

exploitpack
added 2010/12/27 12:0 a.m. | 11 views

Mongoose 2.11 - Content-Length HTTP Header Remote Denial of Service

Mongoose 2.11 - Content-Length HTTP Header Remote Denial of Service source: https://www.securityfocus.com/bid/45602/info Mongoose is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted input. Successfully exploiting this issue will allow an attacker to...

7.4 AI score
Exploits 0

Exploit DB
added 2010/12/27 12:0 a.m. | 32 views

Mongoose 2.11 - 'Content-Length' HTTP Header Remote Denial of Service

source: https://www.securityfocus.com/bid/45602/info Mongoose is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted input. Successfully exploiting this issue will allow an attacker to crash the affected application, denying further service to legitimate...

7.4 AI score
Exploits 0

The Hacker News
added 2010/11/27 1:24 a.m. | 43 views

IPfucK -- A Proxy tool for Firefox -- New Version

Having your IP address considered as private from a legal point of view, it is always interesting to increase your on-line privacy. Not only to hide your illegal activity indeed for most politicians and anti-fraud organizations, behind each surfers lives, but to just keep your personal informatio...

6.2 AI score
Exploits 0

Tenable Nessus
added 2010/11/23 12:0 a.m. | 45 views

GroupWise Internet Agent < 8.0.2 HP1 Multiple Flaws

The version of GroupWise Internet Agent installed on the remote host is older than 8.0.2.11941 and hence affected by the following issues : - Multiple 'Content-Type' header parsing issues can result in arbitrary code execution on the remote system. ZDI-10-237 / ZDI-10-238 / ZDI-10-241 - Multiple...

10 CVSS | 6.6 AI score | 0.13586 EPSS
Exploits 1 | References 22

Zero Day Initiative
added 2010/11/07 12:0 a.m. | 37 views

Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Juniper SA Series devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the meeting_testjava.cgi page which is used to test JVM compatibility. When...

6.4 CVSS | 6.8 AI score
Exploits 0

Packet Storm
added 2010/11/02 12:0 a.m. | 23 views

Paypal.com Cross Site Scripting

https://www.paypal.com | HTTP Header Injection | Cross Site Scripting (XSS) | CAPEC-34 | CWE-79 Hoyt LLC - October 28, 2010 http://cloudscan.blogspot.com | http://cloudscan.me https://www.paypal.com | HTTP Header Injection | Cross Site Scripting (XSS) Tested on IE8, Chrome, Firefox. The affected URL'...

7.4 AI score
Exploits 0

Japan Vulnerability Notes
added 2010/10/29 12:0 a.m. | 28 views

JVN#72541530: Active! mail 6 vulnerable to HTTP header injection

Active! mail 6 from TransWARE Co. is a web-based email software. Active! mail 6 contains a HTTP header injection vulnerability. Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response splitting attacks are also possible. Soluti...

4.3 CVSS | 6.7 AI score | 0.01104 EPSS
Exploits 0

NVD
added 2010/10/28 12:0 a.m. | 21 views

CVE-2010-3842

Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header...

5.8 CVSS | 6.7 AI score | 0.017 EPSS
Exploits 0 | References 7