3704 matches found
ntop 3.3.10 Denial Of Service
Title: ntop = sizeoftheHttpUser usersizeoftheHttpUser-1 = '\0'; . . . Affected Operating Systems: Only tested on Linux Affected Versions: ntop = 3.3.10 CVE: CVE-2009-2732 Credit: Brad Antoniewicz [email protected] code: START modules/auxiliary/dos/http/ntopbasic.rb...
CVE-2009-2855
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function...
Joomla! HTTP header cross-site scripting vulnerability-vulnerability warning-the black bar safety net
Joomla! Is an open source content management system CMS to. Joomla! Not properly filter the user in the HTTP request the the submission of the HTTPREFERER variable, a remote attacker can submit a malicious request to inject JavaScript or DHTML code and in the user's browser session. The following...
Mozilla Firefox Chrome Privilege Escalation Vulnerability (Aug 2009) - Linux
Mozilla Firefox is prone to Chrome Privilege Escalation vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Firefox Chrome Privilege Escalation Vulnerability Aug-09 (Linux)
This host is installed with Mozilla Firefox and is prone to Chrome Privilege Escalation vulnerability. OpenVAS Vulnerability Test $Id: gbfirefoxchromeprivescvulnaug09lin.nasl 4865 2016-12-28 16:16:43Z teissa $ Mozilla Firefox Chrome Privilege Escalation Vulnerability Aug-09 Linux Authors: Sharath...
Open redirect
The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafte...
CVE-2009-2665
The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafte...
CVE-2009-2665
The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafte...
Joomla! HTTP header cross-site scripting vulnerability-vulnerability warning-the black bar safety net
From the green Alliance:no commercial use indicate in advance Joomla! Is an open source content management system CMS to. Joomla! Not properly filter the user in the HTTP request the the submission of the HTTPREFERER variable, a remote attacker can submit a malicious request to inject JavaScript ...
Novell eDirectory iMonitor buffer overflow
Off-by-one overflow on HTTP Accept-Language: header...
CVE-2009-1697
Removed by vendor...
LogMeIn 4.0.784 - cfgadvanced.html HTTP Header Injection
LogMeIn 4.0.784 - cfgadvanced.html HTTP Header Injection source: https://www.securityfocus.com/bid/35236/info LogMeIn is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP...
LogMeIn 4.0.784 - 'cfgadvanced.html' HTTP Header Injection
source: https://www.securityfocus.com/bid/35236/info LogMeIn is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be able to launch various attacks,...
Cross site scripting
Cross-site scripting XSS vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...
Crlf injection
CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter...
FreeBSD : cups -- remote code execution and DNS rebinding (736e55bc-39bb-11de-a493-001b77d09812)
Gentoo security team summarizes : The following issues were reported in CUPS : - iDefense reported an integer overflow in the cupsImageReadTIFF function in the 'imagetops' filter, leading to a heap-based buffer overflow CVE-2009-0163. - Aaron Siegel of Apple Product Security reported that the CUP...
cups -- remote code execution and DNS rebinding
Gentoo security team summarizes: The following issues were reported in CUPS: iDefense reported an integer overflow in the cupsImageReadTIFF function in the "imagetops" filter, leading to a heap-based buffer overflow CVE-2009-0163. Aaron Siegel of Apple Product Security reported that the CUPS web...
JVN#28020230 Web Mailer from CGI RESCUE vulnerable to HTTP header injection
Web Mailer from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. Web Mailer contains a HTTP header injection vulnerability. Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response...
GLSA-200904-20 : CUPS: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200904-20 CUPS: Multiple vulnerabilities The following issues were reported in CUPS: iDefense reported an integer overflow in the cupsImageReadTIFF function in the 'imagetops' filter, leading to a heap-based buffer overflow...
Mozilla Foundation Security Advisory 2009-16
Mozilla Foundation Security Advisory 2009-16 Title: jar: scheme ignores the content-disposition: header on the inner URI Impact: Moderate Announced: April 21, 2009 Reporter: Daniel Veditz Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Description Mozilla developer Daniel Veditz...