3703 matches found

Prion
added 2007/06/11 10:30 p.m. | 12 views

Design/Logic Flaw

http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header...

CVSS 5 | AI score 7.1 | EPSS 0.06653
Exploits 1 | References 5 | Affected Software 1

NVD
added 2007/05/09 6:19 p.m. | 15 views

CVE-2007-2556

SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (XFORWARDEDFOR) HTTP header, as demonstrated by a request to the /nk/ URI...

CVSS 7.5 | AI score 8.3 | EPSS 0.10024
Exploits 2 | References 8

Prion
added 2007/05/09 6:19 p.m. | 13 views

Sql injection

SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (XFORWARDEDFOR) HTTP header, as demonstrated by a request to the /nk/ URI...

CVSS 7.5 | AI score 9 | EPSS 0.10024
Exploits 2 | References 8 | Affected Software 1

Prion
added 2007/05/09 1:19 a.m. | 18 views

Sql injection

Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (XFORWARDEDFOR) HTTP header...

CVSS 6.5 | AI score 8.8 | EPSS 0.01469
Exploits 1 | References 6 | Affected Software 1

Cvelist
added 2007/05/09 1:0 a.m. | 18 views

CVE-2007-2537

Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (XFORWARDEDFOR) HTTP header...

AI score 8.1 | EPSS 0.01469
Exploits 1 | References 6

securityvulns
added 2007/05/07 12:0 a.m. | 71 views

NPDS <= 5.10 - Multiple SQL injections

|Description:| Security holes were found in NPDS 5.10. N°1: Sql Injection in cookies File Mainfile.php lines 655 to 691. No check is carried out on nicknames or Id which can allow an attacker to modify a SQL request so as to obtain data. N°2: SQL Injection due to a bad use of "XFORWARDEDFOR" file...

AI score 0.7
Exploits 0

seebug.org
added 2007/05/05 12:0 a.m. | 16 views

Net Portal Dynamic System (NPDS) 5.10 Remote Code Execution (2)

No description provided by source. ?php /--------------------------------------------------------- NPDS = 5.10 - Remote Code Execution exploit |Description:| Security holes were found in NPDS 5.10. N°1: Sql Injection in cookies File Mainfile.php lines 655 to 691. No check is carried out on...

AI score 7.1
Exploits 0

NVD
added 2007/04/25 3:19 p.m. | 8 views

CVE-2007-2235

Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admincategories.php...

CVSS 4.3 | AI score 5.8 | EPSS 0.00558
Exploits 0 | References 8

Cvelist
added 2007/04/25 3:0 p.m. | 15 views

CVE-2007-2235

Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admincategories.php...

AI score 5.8 | EPSS 0.00558
Exploits 0 | References 8

ATTACKERKB
added 2007/04/16 10:19 p.m. | 2 views

CVE-2007-2046

Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter...

CVSS 7.5 | AI score 5.8 | EPSS 0.00911
Exploits 0 | References 6

CVE
added 2007/04/11 10:0 a.m. | 54 views

CVE-2007-1963

CVE-2007-1963 describes an SQL injection in MyBB (MyBulletinBoard) up to version 1.2.3, exploitable through the Client-IP HTTP header in the create_session function of class_session.php. The vulnerability permits remote SQL commands and is a related issue to CVE-2006-3775. The initial description...

CVSS 7.5 | AI score 8.4 | EPSS 0.02968
Exploits 0 | References 7 | Affected Software 2

Prion
added 2007/03/23 10:19 p.m. | 11 views

Directory traversal

Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header...

CVSS 7.5 | AI score 7.5 | EPSS 0.06544
Exploits 1 | References 5 | Affected Software 1

Cvelist
added 2007/03/20 10:0 p.m. | 22 views

CVE-2006-7172

Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter...

AI score 8.4 | EPSS 0.05809
Exploits 0 | References 6

NVD
added 2007/03/19 10:19 p.m. | 11 views

CVE-2007-1501

Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Type HTTP header...

CVSS 9.3 | AI score 8.2 | EPSS 0.1434
Exploits 0 | References 4

Prion
added 2007/03/19 10:19 p.m. | 9 views

Stack overflow

Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Type HTTP header...

CVSS 9.3 | AI score 8.8 | EPSS 0.1434
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2007/03/19 10:0 p.m. | 16 views

CVE-2007-1501

Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Type HTTP header...

AI score 8.2 | EPSS 0.1434
Exploits 0 | References 4

CVE
added 2007/03/19 10:0 p.m. | 42 views

CVE-2007-1501

CVE-2007-1501 affects Avant Browser 11.0 build 26, where a stack-based buffer overflow can be triggered by a long Content-Type HTTP header. This may allow remote attackers to cause a crash (DoS) and potentially execute arbitrary code. Exploitation details are not provided in the initial documents...

CVSS 9.3 | AI score 8.2 | EPSS 0.1434
Exploits 0 | References 4 | Affected Software 1

NVD
added 2007/03/16 10:19 p.m. | 20 views

CVE-2007-1493

nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172...

CVSS 7.5 | AI score 8 | EPSS 0.03129
Exploits 1 | References 3

Prion
added 2007/03/16 10:19 p.m. | 12 views

Sql injection

nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172...

CVSS 7.5 | AI score 8.5 | EPSS 0.03129
Exploits 1 | References 3 | Affected Software 1

UbuntuCve
added 2007/03/10 10:19 p.m. | 16 views

CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

CVSS 10 | AI score 5.9 | EPSS 0.00507
Exploits 0 | References 1