
3703 matches found

Cvelist
added 2006/02/25 11:0 a.m. | 18 views

CVE-2006-0896

Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field...

AI score 5.7 | EPSS 0.01316
Exploits 1 | References 10

Cvelist
added 2006/02/23 11:0 p.m. | 19 views

CVE-2006-0864

filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value...

AI score 7 | EPSS 0.03171
Exploits 0 | References 7

Prion
added 2006/02/23 2:6 a.m. | 13 views

Code injection

Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php...

CVSS 7.5 | AI score 8 | EPSS 0.08859
Exploits 0 | References 5 | Affected Software 1

NVD
added 2006/02/23 2:6 a.m. | 13 views

CVE-2006-0852

Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php...

CVSS 7.5 | AI score 7.8 | EPSS 0.08859
Exploits 0 | References 5

Cvelist
added 2006/02/18 9:0 p.m. | 12 views

CVE-2005-4724

SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field in an HTTP header...

AI score 8.4 | EPSS 0.00329
Exploits 1 | References 3

CVE
added 2006/02/01 2:0 a.m. | 57 views

CVE-2005-4687

PunBB 1.2.9 (used standalone or with F-ART BLOG:CMS) trusts the client IP from the X-Forwarded-For header instead of the TCP/IP stack, enabling IP address spoofing by remote attackers. Red Hat and CVE records corroborate this vulnerability in PunBB 1.2.9. The underlying issue is header-based IP e...

CVSS 5 | AI score 7 | EPSS 0.00438
Exploits 0 | References 4 | Affected Software 2

Tenable Nessus
added 2006/01/24 12:0 a.m. | 26 views

CA iTechnology iGateway Service Content-Length Buffer Overflow

The remote host is using CA iTechnology iGateway service, a software component used in various products from CA. The version of the iGateway service installed on the remote host reportedly fails to sanitize Content-Length HTTP header values before using them to allocate heap memory. An attacker c...

CVSS 10 | AI score 5.9 | EPSS 0.30442
Exploits 0 | References 3

Tenable Nessus
added 2005/12/30 12:0 a.m. | 28 views

GLSA-200512-12 : Mantis: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200512-12 Mantis: Multiple vulnerabilities Tobias Klein discovered that Mantis contains several vulnerabilities, including: a file upload vulnerability. an injection vulnerability in filters. a SQL injection vulnerability in the...

CVSS 7.5 | AI score 6 | EPSS 0.0214
Exploits 5 | References 7

securityvulns
added 2005/12/02 12:0 a.m. | 54 views

[DRUPAL-SA-2005-008] Drupal 4.6.4 / 4.5.6 fixes XSS and HTTP header injection issue

Drupal security advisory DRUPAL-SA-2005-008. Advisory ID: DRUPAL-SA-2005-008 Project: Drupal core Date: 2005-11-30 Security risk: less critical...

AI score 6.9
Exploits 0

Drupal
added 2005/11/30 12:0 a.m. | 13 views

DRUPAL-SA-2005-008 XSS and HTTP header injection vulnerability with uploaded files

Paul Laudanski informed us that it's possible to attach files that are able to run Javascript under Internet Explorer. Further investigation of the problem revealed that the same method can be used to inject arbitrary HTTP headers. Versions affected Drupal 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5...

AI score 7.2
Exploits 0 | References 3

OpenVAS
added 2005/11/03 12:0 a.m. | 63 views

TelCondex Simple Webserver Buffer Overflow

The TelCondex SimpleWebserver is vulnerable to a remote executable buffer overflow, due to missing length check on the referer-variable of the HTTP-header. OpenVAS Vulnerability Test $Id: telcondex.nasl 6063 2017-05-03 09:03:05Z teissa $ Description: TelCondex Simple Webserver Buffer Overflow...

CVSS 7.5 | AI score 0.9 | EPSS 0.05514
Exploits 1

OpenVAS
added 2005/11/03 12:0 a.m. | 84 views

Format string on HTTP header name

The remote web server seems to be vulnerable to a format string attack on HTTP headers names. SPDX-FileCopyrightText: 2004 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

AI score 7.3
Exploits 0

OpenVAS
added 2005/11/03 12:0 a.m. | 18 views

TelCondex Simple Webserver Buffer Overflow

The TelCondex SimpleWebserver is vulnerable to a remote executable buffer overflow, due to missing length check on the referer-variable of the HTTP-header. SPDX-FileCopyrightText: 2003 Matt North Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...

CVSS 7.5 | AI score 6.9 | EPSS 0.05514
Exploits 1 | References 2

OpenVAS
added 2005/11/03 12:0 a.m. | 16 views

HTTP Header Overflow DoS Vulnerability

It was possible to kill the web server by sending an invalid request with a too long header name or value. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 5 | AI score 6.7 | EPSS 0.00202
Exploits 0

Tenable Nessus
added 2005/10/06 12:0 a.m. | 37 views

Guppy Multiple HTTP Header XSS

The remote host is running Guppy, a CMS written in PHP. The remote version of this software does not properly sanitize input to the Referer and User-Agent HTTP headers before using it in the 'error.php' script. A malicious user can exploit this flaw to inject arbitrary script and HTML code into a...

CVSS 4.3 | AI score 5.7 | EPSS 0.00346
Exploits 0 | References 2

NVD
added 2005/09/23 7:3 p.m. | 17 views

CVE-2005-2703

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting...

CVSS 5 | AI score 6.5 | EPSS 0.04682
Exploits 0 | References 31

UbuntuCve
added 2005/09/23 7:3 p.m. | 19 views

CVE-2005-2703

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting...

CVSS 5 | AI score 5.9 | EPSS 0.04682
Exploits 0 | References 2

Cvelist
added 2005/09/23 4:0 a.m. | 21 views

CVE-2005-2703

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting...

AI score 6.5 | EPSS 0.04682
Exploits 0 | References 31

RedHat Linux
added 2005/09/22 8:36 p.m. | 2 views

security flaw

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting...

CVSS 5 | AI score 5.9 | EPSS 0.04682
Exploits 0 | References 4

securityvulns
added 2005/09/21 12:0 a.m. | 33 views

CuteNews 1.4.0 remote code execution

CuteNews 1.4.0 possibly prior versions remote code execution software: site: http://cutephp.com/ description: "Cute news is a powerful and easy for using news management system that use flat files to store its database. It supports comments, archives, search function, image uploading, backup...

AI score 8.3
Exploits 0