squid security update
CentOS Errata and Security Advisory CESA-2007:1130-04 Updated squid packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Squid is a high-performance...
CVE-2007-6622
SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...
Sql injection
SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...
CentOS 3 / 4 / 5 : squid (CESA-2007:1130)
Updated squid packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Squid is a high-performance proxy caching server for Web clients, supporting FTP,...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header...
CVE-2007-6307
Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header...
JVN#77730435 Multiple Cybozu products vulnerable to HTTP header injection
Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers. Impact A remote attacker can conduct cache poisoning, send an arbitrary cookie, or execute an arbitrary script on the user's web browser. Solution Update the Software For more...
CVE-2007-5615
CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
Referer-spoofing via window.location race condition — Mozilla
Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header as...
Sql injection
SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...
CVE-2007-6083
SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...
IceBB HTTP_X_FORWARDED_FOR Variable Remote SQL Injection Vulnerability
BUGTRAQ ID: 26483 IceBB is an open-source forum system based on PHP+MySQL. IceBB has an input validation vulnerability when handling malformed user requests; a remote attacker could exploit it to perform SQL injection attacks and operate on the database without authorization. IceBB's index.php script does not properly validate input from the X-Forwarded-For HTTP header. At line 73 of /includes/functions.php: $ip = empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['REMOTE_ADDR'] : $_SERVER['HTTP_X_FORWARDED_FOR']; $ip = $this->clean_key($ip);...
IBM Websphere Application Server 5.1.1 - WebContainer HTTP Request Header Security
source: https://www.securityfocus.com/bid/26457/info IBM WebSphere Application Server is prone to a security weakness regarding an HTTP request header. The software fails to sanitize a certain HTTP header when the data is redirected to an error message. An attacker may exploit this issue to steal...
CVE-2007-5944
Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are...
Format string
Format string vulnerability in the ws_addarg function in webserver.c in mt-daapd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded...
CVE-2007-5825
Format string vulnerability in the ws_addarg function in webserver.c in mt-daapd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded...
openSUSE 10 Security Update : libsoup (libsoup-2503)
This update fixes a bug in the HTTP header parsing code. Applications using this library may be vulnerable to a remote denial-of-service attack. CVE-2006-5876. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...
tomcat accept-language xss flaw
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted Accept-Language headers that do not conform to RFC 2616...
CVE-2007-5222
SQL injection vulnerability in index.php in MAXdev MDPro MD-Pro 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header...