3703 matches found

Cvelist
added 2006/12/21 7:0 p.m. | 16 views

CVE-2006-6684

Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; the details are obtained...

8.1 AI score | 0.0192 EPSS
Exploits: 0 | References: 3
CVE
added 2006/12/21 7:0 p.m. | 45 views

CVE-2006-6679

The issue affects chetcpasswd prior to version 2.4, where ACL checks rely on the X-Forwarded-For header. This header spoofing allows remote attackers to gain unauthorized access. Root cause: authentication/authorization logic trusts X-Forwarded-For for client status in IP ACLs. Documented impact:...

7.5 CVSS | 7.2 AI score | 0.01612 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
Tenable Nessus
added 2006/12/15 12:0 a.m. | 32 views

Flash Player HTTP Header CRLF Injection (APSB06-18)

According to its version number, the instance of Flash Player on the remote Windows host contains two ways for a remote attacker to perform arbitrary HTTP requests while controlling most of the HTTP headers. A remote attacker may be able to leverage these issues to conduct cross-site request...

5 CVSS | 5.5 AI score | 0.1744 EPSS
Exploits: 0 | References: 3
securityvulns
added 2006/11/14 12:0 a.m. | 66 views

[SA22864] Netquery "User-Agent" HTTP Header Script Insertion

TITLE: Netquery "User-Agent" HTTP Header Script Insertion SECUNIA ADVISORY ID: SA22864 VERIFY ADVISORY: http://secunia.com/advisories/22864/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Netquery 4.x http://secunia.com/product/12587/ DESCRIPTION: Tal Argoni has...

0.4 AI score
Exploits: 0
Zero Day Initiative
added 2006/10/26 12:0 a.m. | 38 views

Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpstk.dll library within the dhost.exe web interface of the eDirectory Host...

7.5 CVSS | 1.3 AI score | 0.91507 EPSS
Exploits: 11 | References: 1
NVD
added 2006/10/25 10:7 p.m. | 11 views

CVE-2006-5508

Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header...

7.5 CVSS | 8.5 AI score | 0.00743 EPSS
Exploits: 0 | References: 5
seebug.org
added 2006/10/24 12:0 a.m. | 38 views

Streamripper <= 1.61.25 HTTP Header Parsing Buffer Overflow Exploit

No description provided by source.

7.1 AI score
Exploits: 0
securityvulns
added 2006/10/19 12:0 a.m. | 35 views

Rapid7 Advisory R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin

Rapid7 Advisory R7-0026 HTTP Header Injection Vulnerabilities in the Flash Player Plugin Published: Oct 17, 2006 Revision: 1.0 http://www.rapid7.com/advisories/R7-0026.jsp 1. Affected Systems: KNOWN VULNERABLE: o Flash Player plugin 9.0.16 for Windows o Flash Player plugin 7.0.63 for Linux PROBAB...

6.6 AI score
Exploits: 0
securityvulns
added 2006/10/19 12:0 a.m. | 39 views

HTTP header injection in Macromedia Flash plugin

No description provided...

1.5 AI score
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2006/10/13 8:7 p.m. | 9 views

CVE-2006-5287

Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 allow remote attackers to execute arbitrary SQL commands via (1) the User-Agent HTTP header, or the (2) gbentrytext, (3) gblocation, (4) gbfullname, or (5) gbsex parameters...

5.1 CVSS | 8.5 AI score | 0.00603 EPSS
Exploits: 1 | References: 4
NVD
added 2006/10/10 9:7 p.m. | 13 views

CVE-2006-5227

Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $useragent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ipresolved variable...

6.8 CVSS | 5.7 AI score | 0.02484 EPSS
Exploits: 1 | References: 7
UbuntuCve
added 2006/10/10 9:7 p.m. | 20 views

CVE-2006-5227

Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $useragent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ipresolved variable...

6.8 CVSS | 6.1 AI score | 0.02484 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2006/09/15 12:0 a.m. | 21 views

GLSA-200609-10 : DokuWiki: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200609-10 (DokuWiki: Arbitrary command execution). 'rgod' discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR HTTP header, allowing the injection of arbitrary contents - such as PHP commands - into a file. Additionally, the...

7.5 CVSS | 6.1 AI score | 0.01414 EPSS
Exploits: 3 | References: 4
Gentoo Linux
added 2006/09/14 12:0 a.m. | 33 views

DokuWiki: Arbitrary command execution

Background: DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend. Description: "rgod" discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR HTTP header, allowing the injection of arbitrary contents - such as PHP commands - into a...

7.5 CVSS | 7.5 AI score | 0.01414 EPSS
Exploits: 3
UbuntuCve
added 2006/09/11 5:4 p.m. | 26 views

CVE-2006-4674

Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php...

7.5 CVSS | 6.3 AI score | 0.01414 EPSS
Exploits: 1 | References: 1
OSV
added 2006/09/11 5:4 p.m. | 6 views

CVE-2006-4674

Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php...

7.3 AI score
Exploits: 0 | References: 8
NVD
added 2006/08/30 1:4 a.m. | 21 views

CVE-2006-4451

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via (1) the User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in adminindex.php...

7.5 CVSS | 7.8 AI score | 0.00741 EPSS
Exploits: 0 | References: 4
Cvelist
added 2006/08/30 1:0 a.m. | 23 views

CVE-2006-4451

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via (1) the User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in adminindex.php...

7.8 AI score | 0.00741 EPSS
Exploits: 0 | References: 4
Packet Storm
added 2006/08/30 12:0 a.m. | 37 views

streamripper-2.txt

7.4 AI score
Exploits: 0
Exploit DB
added 2006/08/29 12:0 a.m. | 55 views

Streamripper 1.61.25 - HTTP Header Parsing Buffer Overflow (2)

/ name: streamripper exploit.exe 80 0 public-release streamripper streamripper.exe http://127.0.0.1:80 Connecting... on other shell + client conneted! + exploit send check shell on port 4444 now connect to 127.0.0.1:4444 / / define WIN32 / include include include ifdef WIN32 include pragma...

7.4 AI score
Exploits: 0