
3704 matches found

exploitpack
added 2003/04/15 12:0 a.m., 16 views

osCommerce 2.2 - Authentication Bypass

source: https://www.securityfocus.com/bid/7357/info osCommerce has been reported prone to an authentication bypass vulnerability. It has been reported that osCommerce uses HTTP header information as a part of its authentication mechanism. Reportedly an attacker...

0.7 AI score
Exploits: 0

Exploit DB
added 2003/04/15 12:0 a.m., 18 views

osCommerce 2.2 - Authentication Bypass

source: https://www.securityfocus.com/bid/7357/info osCommerce has been reported prone to an authentication bypass vulnerability. It has been reported that osCommerce uses HTTP header information as a part of its authentication mechanism. Reportedly an attacker may spoof parts of the HTTP header and...

7 AI score
Exploits: 0

Exploit DB
added 2002/11/30 12:0 a.m., 23 views

Pserv 2.0 - User-Agent HTTP Header Buffer Overflow (1)

source: https://www.securityfocus.com/bid/6286/info A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. An attacker can exploit this vulnerability by issuing a HTTP request with an overly...

7 AI score
Exploits: 0

securityvulns
added 2002/11/06 12:0 a.m., 83 views

ZoneEdit Account Hijack Vulnerability

secondmotion-SM-SA-02-02 Security Advisory. Topic: ZoneEdit Account Hijack Vulnerability. Announced: 2002-11-05...

7 AI score
Exploits: 0

NVD
added 2002/11/04 5:0 a.m., 11 views

CVE-2002-1168

Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains a Location: header with a "%0a%0d" CRLF sequence, which echoes the Location as an HTTP...

6.8 CVSS, 5.9 AI score, 0.03095 EPSS
Exploits: 0, References: 2

Exploit DB
added 2002/11/01 12:0 a.m., 32 views

Linksys WAP11 1.3/1.4 / D-Link DI-804 4.68/Dl-704 2.56 b5 - Embedded HTTP Server Denial of Service

source: https://www.securityfocus.com/bid/6090/info A denial of service vulnerability has been reported for several networking devices. The condition will be triggered when the embedded web server, used by the devices, receives an overly long HTTP header. An attacker can exploit this vulnerabilit...

7.4 AI score
Exploits: 0

exploitpack
added 2002/10/23 12:0 a.m., 15 views

IBM Websphere Edge Server 3.69/4.0 - HTTP Header Injection

source: https://www.securityfocus.com/bid/6001/info A vulnerability has been discovered in the Caching Proxy component bundled with the IBM Websphere Edge Server. Due to insufficient sanitization of user-supplied input it is possible for a...

7.7 AI score
Exploits: 0

Exploit DB
added 2002/10/23 12:0 a.m., 21 views

IBM Websphere Edge Server 3.69/4.0 - HTTP Header Injection

source: https://www.securityfocus.com/bid/6001/info A vulnerability has been discovered in the Caching Proxy component bundled with the IBM Websphere Edge Server. Due to insufficient sanitization of user-supplied input it is possible for an attacker to construct a malicious link which contains...

7.4 AI score
Exploits: 0

NVD
added 2002/10/04 4:0 a.m., 11 views

CVE-2002-1032

Buffer overflow in KeyFocus KF web server 1.0.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed HTTP header...

7.5 CVSS, 8 AI score, 0.0136 EPSS
Exploits: 0, References: 1

Exploit DB
added 2002/09/07 12:0 a.m., 24 views

PHP 4.2.3 - Header Function Script Injection

source: https://www.securityfocus.com/bid/5669/info PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems. It has been reported that a vulnerability in the PHP header function exists. It may be possible for ...

7.4 AI score
Exploits: 0

Cvelist
added 2002/08/31 4:0 a.m., 17 views

CVE-2002-1032

Buffer overflow in KeyFocus KF web server 1.0.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed HTTP header...

8 AI score, 0.0136 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2002/08/14 12:0 a.m., 33 views

Web Server HTTP Header Handling Remote Overflow

It was possible to kill the web server by sending an invalid request with a long header name or value. A remote attacker may exploit this vulnerability to make the web server crash continually or even execute arbitrary code. (C) Tenable Network Security, Inc. include("compat.inc"); if (description)...

6 AI score
Exploits: 0

securityvulns
added 2002/02/15 12:0 a.m., 44 views

Problems in Avirt Gateway Suite (buffer overflow, unauthorized access)

Buffer overflow on a long HTTP header. In addition, the telnet proxy allows full console access to the system...

3 AI score
Exploits: 0, References: 4, Affected Software: 3

Tenable Nessus
added 2001/09/14 12:0 a.m., 2447 views

Web Server HTTP Header Internal IP Disclosure

This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server. There is a known issue with Microsoft IIS 4.0 doing this in its default configuration. This may also affect other web servers, web applications, web proxies,...

2.6 CVSS, 5.3 AI score, 0.62987 EPSS
Exploits: 3, References: 4

NVD
added 2001/08/14 4:0 a.m., 15 views

CVE-2001-0524

eEye SecureIIS versions 1.0.3 and earlier do not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier...

7.5 CVSS, 6.8 AI score, 0.00861 EPSS
Exploits: 1, References: 3

Cvelist
added 2001/07/27 4:0 a.m., 18 views

CVE-2001-0524

eEye SecureIIS versions 1.0.3 and earlier do not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier...

6.8 AI score, 0.00861 EPSS
Exploits: 1, References: 3

CERT
added 2001/07/12 12:0 a.m., 28 views

Lotus Domino vulnerable to DoS via crafted HTTP header requests

Overview: The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Description: HTTP requests with uniquely crafted headers using "Accept", "Accept-Charset", "Accept-Encoding", "Accept-Language" or "Content-Type" are not freed properly. This means that...

6.7 AI score
Exploits: 0, References: 4

NVD
added 2001/06/18 4:0 a.m., 12 views

CVE-2001-0433

Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header...

7.5 CVSS, 7.8 AI score, 0.00909 EPSS
Exploits: 0, References: 1

Cvelist
added 2001/05/24 4:0 a.m., 20 views

CVE-2001-0433

Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header...

7.8 AI score, 0.00909 EPSS
Exploits: 0, References: 1

securityvulns
added 2001/04/12 12:0 a.m., 27 views

def-2001-20: Lotus Domino Multiple DoS

Defcom Labs Advisory def-2001-20. Lotus Domino Multiple DoS. Author: Peter Gründl. Release Date: 2001-04-11...

7.1 AI score
Exploits: 0