
3704 matches found

CVE
added 2010/02/05 10:13 p.m. | 39 views

CVE-2003-1587

CVE-2003-1587 describes a cross-site scripting (XSS) vulnerability in LoganPro where remote attackers can inject arbitrary script via a crafted User-Agent header. Affected component is the web application LoganPro; root cause is insufficient input validation/escaping for User-Agent. The CVSS v2 s...

CVSS 5 | AI score 5.8 | EPSS 0.00225
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2010/02/05 10:13 p.m. | 16 views

CVE-2003-1586

Cross-site scripting (XSS) vulnerability in WebExpert allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header...

AI score 5.6 | EPSS 0.00225
Exploits: 1 | References: 2
OpenVAS
added 2010/02/02 12:0 a.m. | 22 views

Sun Java System Web Server < 7.0 Update 8 Multiple Heap-based Buffer Overflow Vulnerabilities

Sun Java Web Server is prone to multiple heap-based buffer overflow vulnerabilities.

CVSS 7.5 | AI score 7 | EPSS 0.1868
Exploits: 1 | References: 4
NVD
added 2010/01/25 7:30 p.m. | 18 views

CVE-2010-0387

Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header...

CVSS 7.5 | AI score 7.3 | EPSS 0.1868
Exploits: 1 | References: 5
Prion
added 2010/01/25 7:30 p.m. | 23 views

Heap overflow

Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header...

CVSS 7.5 | AI score 7.9 | EPSS 0.1868
Exploits: 1 | References: 5 | Affected Software: 1
seebug.org
added 2010/01/21 12:0 a.m. | 13 views

XOOPS Arbitrary File Deletion and HTTP Header Injection Vulnerabilities

No description provided by source...

AI score 7.1
Exploits: 0
Check Point Advisories
added 2009/12/15 12:0 a.m. | 3 views

Red Hat Directory Server Accept-Language HTTP Header Parsing Buffer Overflow (CVE-2008-2928)

Red Hat Directory Server is an LDAP-based server that centralizes application settings, user profiles, group data, policies, and access control information into an operating system-independent, network-based registry. Fedora Directory Server is a free version of Red Hat Directory Server. There...

CVSS 10 | AI score 7.7 | EPSS 0.19099
Exploits: 1
Tenable Nessus
added 2009/12/14 12:0 a.m. | 19 views

FreeBSD : pligg -- XSS and Cross-Site Request Forgery (bec38383-e6cb-11de-bdd4-000c2930e89b)

Secunia reports: Russ McRee has discovered some vulnerabilities in Pligg, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. Input passed via the 'Referer' HTTP header to various scripts e.g. admin/adminconfig.php, admin/adminmodules.php,...

CVSS 6.8 | AI score 5.4 | EPSS 0.00322
Exploits: 0 | References: 5
Prion
added 2009/12/10 10:30 p.m. | 18 views

Stack overflow

Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action...

CVSS 10 | AI score 8.2 | EPSS 0.77533
Exploits: 8 | References: 7 | Affected Software: 1
NVD
added 2009/12/10 10:30 p.m. | 13 views

CVE-2009-4180

Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header...

CVSS 10 | AI score 7.9 | EPSS 0.31491
Exploits: 1 | References: 7
Cvelist
added 2009/12/10 10:0 p.m. | 22 views

CVE-2009-4180

Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header...

AI score 7.9 | EPSS 0.31491
Exploits: 1 | References: 7
Exploit DB
added 2009/12/07 12:0 a.m. | 42 views

Polipo 1.0.4 - Remote Memory Corruption (PoC)

!/usr/bin/perl estranged.pl AKA Polipo 1.0.4 Remote Memory Corruption 0day PoC Jeremy Brown [email protected]//jbrownsec.blogspot.com//krakowlabs.com 12.07.2009 Hzzp loves you Polipo! No use reporting this issue to Ubuntu Security unless you feel like waiting two weeks for them to sit on it,...

AI score 7.4
Exploits: 0
Prion
added 2009/12/04 7:30 p.m. | 16 views

SQL injection

Multiple SQL injection vulnerabilities in admin/aclass/adminfunc.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/...

CVSS 7.5 | AI score 9.2 | EPSS 0.00173
Exploits: 1 | References: 5 | Affected Software: 1
NVD
added 2009/12/04 7:30 p.m. | 8 views

CVE-2009-4203

Multiple SQL injection vulnerabilities in admin/aclass/adminfunc.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/...

CVSS 7.5 | AI score 8.5 | EPSS 0.00173
Exploits: 1 | References: 5
NVD
added 2009/11/24 5:30 p.m. | 27 views

CVE-2009-3898

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method...

CVSS 4.9 | AI score 6.2 | EPSS 0.01078
Exploits: 1 | References: 9
OSV
added 2009/11/24 5:30 p.m. | 4 views

CVE-2009-3898

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method...

AI score 6.2
Exploits: 0 | References: 9
Ubuntu
added 2009/11/19 6:33 a.m. | 83 views

USN-860-1: Apache vulnerabilities

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a machine-in-the-middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. The flaw is with TLS renegotiation and...

CVSS 9.8 | AI score 7.5 | EPSS 0.03845
Exploits: 16
OSV
added 2009/10/23 6:30 p.m. | 9 views

CVE-2009-2281

Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow tha...

AI score 7.9
Exploits: 0 | References: 7
UbuntuCve
added 2009/10/23 6:30 p.m. | 11 views

CVE-2009-2281

Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow tha...

CVSS 10 | AI score 6.5 | EPSS 0.11504
Exploits: 1 | References: 1
Prion
added 2009/10/23 6:30 p.m. | 11 views

Integer overflow

Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow tha...

CVSS 10 | AI score 8.2 | EPSS 0.11504
Exploits: 2 | References: 7 | Affected Software: 1