3704 matches found

Prion
added 2009/03/16 4:30 p.m., 10 views

Sql injection

SQL injection vulnerability in the guestbook component (components/guestbook/guestbook.php) in Drake CMS 0.4.11 and earlier allows remote attackers to execute arbitrary SQL commands via the Via HTTP header (HTTP_VIA) to index.php...

CVSS 7.5, AI score 9.1, EPSS 0.00414
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2009/03/16 4:0 p.m., 17 views

CVE-2008-6475

SQL injection vulnerability in the guestbook component (components/guestbook/guestbook.php) in Drake CMS 0.4.11 and earlier allows remote attackers to execute arbitrary SQL commands via the Via HTTP header (HTTP_VIA) to index.php...

AI score 8.4, EPSS 0.00414
Exploits: 0, References: 3

OSV
added 2009/03/14 12:0 a.m., 13 views

DSA-1740-1 yaws - denial of service

Bulletin has no description...

CVSS 5, AI score 6.3, EPSS 0.19531
Exploits: 6

securityvulns
added 2009/03/12 12:0 a.m., 43 views

[ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability

============================================= INTERNET SECURITY AUDITORS ALERT 2009-004 - Original release date: December 3rd, 2008 - Last revised: March 10th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.3/10 CVSS scored ============================================= I. VULNERABILITY...

AI score 6.6
Exploits: 0

seebug.org
added 2009/03/11 12:0 a.m., 22 views

Wordpress MU < 2.7 'HOST' HTTP Header XSS Vulnerability

No description provided by source. ============================================= INTERNET SECURITY AUDITORS ALERT 2009-004 - Original release date: December 3rd, 2008 - Last revised: March 10th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.3/10 CVSS scored...

AI score 7.1
Exploits: 0

Gentoo Linux
added 2009/03/10 12:0 a.m., 55 views

Adobe Flash Player: Multiple vulnerabilities

Background: The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description: Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of System.setClipboard...

CVSS 10, AI score 8.9, EPSS 0.90582
Exploits: 15

exploitpack
added 2009/03/10 12:0 a.m., 12 views

WordPress MU 2.7 - HOST HTTP Header Cross-Site Scripting

WordPress MU 2.7 - HOST HTTP Header Cross-Site Scripting ============================================= INTERNET SECURITY AUDITORS ALERT 2009-004 - Original release date: December 3rd, 2008 - Last revised: March 10th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.3/10 CVSS scored...

Exploits: 0

Packet Storm
added 2009/03/10 12:0 a.m., 27 views

WordPress MU Cross Site Scripting

============================================= INTERNET SECURITY AUDITORS ALERT 2009-004 - Original release date: December 3rd, 2008 - Last revised: March 10th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.3/10 CVSS scored ============================================= I. VULNERABILITY...

Exploits: 0

OpenVAS
added 2009/02/27 12:0 a.m., 16 views

CentOS Update for squid CESA-2008:0214 centos3 i386

Check for the Version of squid OpenVAS Vulnerability Test CentOS Update for squid CESA-2008:0214 centos3 i386 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

CVSS 5, AI score 6.6, EPSS 0.13093
Exploits: 3, References: 2

OpenVAS
added 2009/02/27 12:0 a.m., 21 views

CentOS Update for squid CESA-2008:0214 centos3 x86_64

Check for the Version of squid OpenVAS Vulnerability Test CentOS Update for squid CESA-2008:0214 centos3 x86_64 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CVSS 5, AI score 6.6, EPSS 0.13093
Exploits: 3, References: 2

Prion
added 2009/02/26 4:17 p.m., 9 views

Heap overflow

Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function."...

CVSS 5, AI score 7.2, EPSS 0.0044
Exploits: 0, References: 7, Affected Software: 1

Cvelist
added 2009/02/26 4:0 p.m., 17 views

CVE-2008-6298

Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function."...

AI score 6.7, EPSS 0.0044
Exploits: 0, References: 7

CVE
added 2009/02/26 4:0 p.m., 38 views

CVE-2008-6298

CVE-2008-6298 concerns sISAPILocation (ISAPI filter for IIS) prior to 1.0.2.2. The vulnerability enables bypass of the HTTP header rewrite function, potentially bypassing configuration controls for character encoding and the cookie secure flag. Root cause is described as an issue in the sISAPILoc...

CVSS 5, AI score 6.9, EPSS 0.0044
Exploits: 0, References: 7, Affected Software: 1

FreeBSD
added 2009/02/23 12:0 a.m., 37 views

ziproxy -- multiple vulnerability

Ziproxy Developers reports: Multiple HTTP proxy implementations are prone to an information-disclosure vulnerability related to the interpretation of the 'Host' HTTP header. Specifically, this issue occurs when the proxy makes a forwarding decision based on the 'Host' HTTP header instead of the...

CVSS 5.4, AI score 6.2, EPSS 0.0034
Exploits: 0, References: 1

myhack58
added 2009/02/08 12:0 a.m., 13 views

Next injection protection cross-site scripting request spoofing(CSRF)-vulnerability warning-the black bar safety net

Author: superhei, source: ph4nt0m.org. CSRFCross-site Request Forgery,cross-site request cheat in the past year nn2always fire, however, CSRF is very difficult to completely prevent, following some of my Bypass Preventingside note CSRF tricks...... CSRFCross-site Request Forgery,cross-site request che...

AI score 7.3
Exploits: 0

exploitpack
added 2009/01/25 12:0 a.m., 11 views

MemHT Portal 4.0.1 - Remote Code Execution

MemHT Portal 4.0.1 - Remote Code Execution !/usr/bin/perl MemHT Portal 7 Main::Usage; else HTTP::UserAgent$uagent; MemHT::Login; MemHT::Exploit$file; MemHT Exploit Package package MemHT; sub Exploit my $resp; my $file = shift...

Exploits: 0

myhack58
added 2009/01/08 12:0 a.m., 11 views

opera9. 5 2 Use ajax to read a local file vulnerability further use-vulnerability warning-the black bar safety net

by emptiness prodigal heart http://www.inbreak.net The foregoing the opera9. 5 2 Use ajax to read a local file vulnerability on , Referred to the opera's ajax to read a local file vulnerability. But the use of the way, relatively narrow. Very few people will download the htm file locally, then op...

AI score 7.2
Exploits: 0

Positive Technologies
added 2009/01/01 12:0 a.m., 3 views

PT-2009-22: EXcms Root directory disclosure vulnerability

EXcms is a content management system (CMS) software, usually implemented as a Web application, for creating and managing HTML content. It is used to manage and control a large, dynamic collection of Web material (HTML documents and their associated images). Vulnerability Description Positive...

AI score 6.8
Exploits: 0, References: 4

0day.today
added 2008/12/22 12:0 a.m., 91 views

RoundCube Webmail <= 0.2b Remote Code Execution Exploit

Exploit for unknown platform in category web applications ======================================================= RoundCube Webmail echoiniget'disablefunctions'; exec, system PHP passthru"id; uname -a"; uid=666www-data gid=666www-data groups=666www-data Linux mail 2.6.28 0 Sun Jan 01 10:05:33 CET...

AI score 7.1, EPSS 0.77692
Exploits: 15

NVD
added 2008/12/12 6:30 p.m., 16 views

CVE-2008-5553

The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has...

CVSS 4.3, AI score 5.9, EPSS 0.1369
Exploits: 0, References: 3