Lucene search

3704 matches found

Cvelist
added 2009/10/23 6:0 p.m., 13 views

CVE-2009-2281

Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow tha...

7.7 AI score, 0.11504 EPSS
Exploits: 1, References: 7

securityvulns
added 2009/10/11 12:0 a.m., 41 views

iNTERNET.cms Cross-Site Scripting vulnerability

PT-2009-22 Positive Technologies Security Advisory: EXcms Root directory disclosure vulnerability. Affected Software: EXcms, Versions prior to 2.02. Product...

0.3 AI score
Exploits: 0

securityvulns
added 2009/10/11 12:0 a.m., 39 views

EXcms Root directory disclosure vulnerability

PT-2009-22 Positive Technologies Security Advisory: EXcms Root directory disclosure vulnerability. Affected Software: EXcms, Versions prior to 2.02. Product...

0.1 AI score
Exploits: 0

Prion
added 2009/10/09 2:30 p.m., 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HT...

3.5 CVSS, 5.6 AI score, 0.00209 EPSS
Exploits: 0, References: 8, Affected Software: 1

Tenable Nessus
added 2009/09/24 12:0 a.m., 29 views

SuSE9 Security Update : Red Carpet (YOU Patch Number 11461)

This update fixes a bug in the HTTP header parsing code of the included libsoup. This bug makes rcd vulnerable to a remote denial-of-service attack. (CVE-2006-5876) (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc...

7.8 CVSS, 8.3 AI score, 0.07492 EPSS
Exploits: 0, References: 2

NVD
added 2009/09/23 12:8 p.m., 8 views

CVE-2009-3321

SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header...

6.8 CVSS, 8.3 AI score, 0.0034 EPSS
Exploits: 1, References: 5

Prion
added 2009/09/23 12:8 p.m., 10 views

Sql injection

SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header...

6.8 CVSS, 9.1 AI score, 0.0034 EPSS
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2009/09/23 10:0 a.m., 14 views

CVE-2009-3321

SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header...

8.3 AI score, 0.0034 EPSS
Exploits: 1, References: 5

Exploit DB
added 2009/09/23 12:0 a.m., 70 views

Nginx 0.7.61 - WebDAV Directory Traversal

Bug Title: nginx webdav copy/move method directory traversal Program: nginx Version: nginx/0.7.61 - other versions may also be affected Website: http://sysoev.ru/nginx/ Severity: Low Date discovered: 23 September 2009 The webdav component has to be enabled and the user has to have permission to u...

7 AI score
Exploits: 0

0day.today
added 2009/09/23 12:0 a.m., 32 views

nginx 0.7.61 WebDAV directory traversal

Exploit for unknown platform in category remote exploits. nginx 0.7.61 WebDAV directory traversal. Title: nginx 0.7.61 WebDAV directory traversal CVE-ID: OSVDB-ID: Author: Kingcope Published: 2009-09-23 Verified: yes vi...

7.1 AI score
Exploits: 0

OpenVAS
added 2009/09/16 12:0 a.m., 103 views

Apache HTTP Server 'mod_proxy_ftp' Module Command Injection Vulnerability

Apache HTTP Server is prone to a command injection vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5 CVSS, 7.8 AI score, 0.03845 EPSS
Exploits: 2, References: 4

Prion
added 2009/09/08 6:30 p.m., 19 views

Authorization

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...

5 CVSS, 7 AI score, 0.03845 EPSS
Exploits: 2, References: 39, Affected Software: 7

Debian CVE
added 2009/09/08 6:0 p.m., 34 views

CVE-2009-3095

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...

5 CVSS, 5.4 AI score, 0.03845 EPSS
Exploits: 2

Cvelist
added 2009/09/08 6:0 p.m., 28 views

CVE-2009-3095

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...

8.1 AI score, 0.03845 EPSS
Exploits: 2, References: 39

UbuntuCve
added 2009/09/08 12:0 a.m., 37 views

CVE-2009-3095

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...

5 CVSS, 6.5 AI score, 0.03845 EPSS
Exploits: 2, References: 2

Prion
added 2009/09/02 5:30 p.m., 13 views

Sql injection

SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO...

7.5 CVSS, 9.3 AI score, 0.00938 EPSS
Exploits: 1, References: 7, Affected Software: 1

NVD
added 2009/09/02 5:30 p.m., 13 views

CVE-2008-7153

SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO...

7.5 CVSS, 8.5 AI score, 0.00938 EPSS
Exploits: 1, References: 7

Prion
added 2009/08/19 10:30 a.m., 10 views

Authorization

fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value...

5 CVSS, 7.2 AI score, 0.04747 EPSS
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2009/08/19 10:30 a.m., 13 views

CVE-2008-7014

fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value...

5 CVSS, 6.6 AI score, 0.04747 EPSS
Exploits: 1, References: 3

Cvelist
added 2009/08/19 10:0 a.m., 17 views

CVE-2008-7014

fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value...

6.6 AI score, 0.04747 EPSS
Exploits: 1, References: 3