
3703 matches found

Check Point Advisories
added 2006/05/21 12:0 a.m. | 2 views

Preemptive Protection against Nagios "Content-Length" Header Buffer Overflow Vulnerability

Nagios is an open source host, service and network monitoring program. The product's functionality is implemented through a number of CGI programs. A vulnerability has been identified in Nagios, specifically due to buffer overflow errors in various CGI scripts that do not properly process a...

CVSS 5 | AI score 2.1 | EPSS 0.01322
Exploits 0

UbuntuCve
added 2006/05/19 11:2 p.m. | 28 views

CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

CVSS 7.5 | AI score 6.4 | EPSS 0.01915
Exploits 0 | References 2

NVD
added 2006/05/19 11:2 p.m. | 18 views

CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

CVSS 7.5 | AI score 7.7 | EPSS 0.01915
Exploits 0 | References 10

Prion
added 2006/05/19 11:2 p.m. | 18 views

Integer overflow

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

CVSS 7.5 | AI score 8 | EPSS 0.01915
Exploits 0 | References 10 | Affected Software 1

Cvelist
added 2006/05/19 11:0 p.m. | 24 views

CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

AI score 7.6 | EPSS 0.01915
Exploits 0 | References 10

Tenable Nessus
added 2006/05/13 12:0 a.m. | 32 views

GLSA-200605-07 : Nagios: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-200605-07 (Nagios: Buffer overflow). Sebastian Krahmer of the SuSE security team discovered a buffer overflow vulnerability in the handling of a negative HTTP Content-Length header. Impact: A buffer overflow in Nagios CGI scripts...

CVSS 7.5 | AI score 9 | EPSS 0.01915
Exploits 0 | References 3

Prion
added 2006/05/12 1:2 a.m. | 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMasterFlexPlus (PassMasterFlex+) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password, or (3) User-Agent HTTP header in the Hack Log...

CVSS 5.8 | AI score 6.2 | EPSS 0.00527
Exploits 0 | References 7 | Affected Software 2

NVD
added 2006/05/12 1:2 a.m. | 11 views

CVE-2006-2340

Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMasterFlexPlus (PassMasterFlex+) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password, or (3) User-Agent HTTP header in the Hack Log...

CVSS 5.8 | AI score 5.7 | EPSS 0.00527
Exploits 0 | References 7

securityvulns
added 2006/05/07 12:0 a.m. | 43 views

[Full-disclosure] [ GLSA 200605-07 ] Nagios: Buffer overflow

Gentoo Linux Security Advisory GLSA 200605-07 http://security.gentoo.org/ Severity:...

CVSS 5 | AI score 9.6 | EPSS 0.01322
Exploits 0

UbuntuCve
added 2006/05/03 9:2 p.m. | 23 views

CVE-2006-2162

Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header...

CVSS 5 | AI score 7.7 | EPSS 0.01322
Exploits 0 | References 2

NVD
added 2006/05/03 9:2 p.m. | 14 views

CVE-2006-2162

Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header...

CVSS 5 | AI score 7.6 | EPSS 0.01322
Exploits 0 | References 14

Prion
added 2006/05/03 9:2 p.m. | 17 views

Buffer overflow

Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header...

CVSS 5 | AI score 7.9 | EPSS 0.01322
Exploits 0 | References 14 | Affected Software 1

Cvelist
added 2006/05/03 9:0 p.m. | 25 views

CVE-2006-2162

Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header...

AI score 7.5 | EPSS 0.01322
Exploits 0 | References 14

NVD
added 2006/05/01 11:2 p.m. | 12 views

CVE-2006-2131

include/classpoll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For) HTTP header to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions...

CVSS 5 | AI score 6.6 | EPSS 0.0064
Exploits 0 | References 4

Cvelist
added 2006/05/01 11:0 p.m. | 18 views

CVE-2006-2131

include/classpoll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For) HTTP header to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions...

AI score 6.6 | EPSS 0.0064
Exploits 0 | References 4

FreeBSD
added 2006/05/01 12:0 a.m. | 32 views

clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability

Secunia reports: A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the HTTP client in the Freshclam command line...

CVSS 5.1 | AI score 6.8 | EPSS 0.04489
Exploits 1 | References 2

CVE
added 2006/04/06 10:0 a.m. | 44 views

CVE-2006-1645

CVE-2006-1645 affects ReloadCMS 1.2.5 and earlier. The vulnerability is a Cross-site Scripting (XSS) issue where an attacker can inject arbitrary script or HTML through the User-Agent header, which is reflected in admin/modules/general/statistic.php in the administration panel. Exploitation is re...

CVSS 6.8 | AI score 6.3 | EPSS 0.00725
Exploits 1 | References 6 | Affected Software 1

Cvelist
added 2006/04/05 10:0 a.m. | 16 views

CVE-2006-1619

IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header...

AI score 6.5 | EPSS 0.00811
Exploits 0 | References 4

Prion
added 2006/03/19 11:6 a.m. | 15 views

Crlf injection

CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages...

CVSS 4.3 | AI score 6.8 | EPSS 0.00674
Exploits 1 | References 6 | Affected Software 1

NVD
added 2006/03/19 11:6 a.m. | 8 views

CVE-2006-1282

CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages...

CVSS 4.3 | AI score 6.5 | EPSS 0.00674
Exploits 1 | References 6