2482 matches found

Zero Day Initiative
added 2014/07/18 12:0 a.m. | 50 views

Apache HTTP Server mod_proxy Denial Of Service Vulnerability

This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of Apache HTTP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mod_proxy module. The issue lies in the processing of HTTP headers...

CVSS 7.8 | AI score 6.7 | EPSS 0.56996
Exploits 2 | References 1

NVD
added 2014/07/16 2:19 p.m. | 18 views

CVE-2014-3427

CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet...

CVSS 5 | AI score 7 | EPSS 0.03499
Exploits 2 | References 3

Prion
added 2014/07/16 2:19 p.m. | 14 views

CRLF injection

CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet...

CVSS 5 | AI score 7.5 | EPSS 0.03499
Exploits 2 | References 3 | Affected Software 1

Cvelist
added 2014/07/16 2:0 p.m. | 32 views

CVE-2014-3427

CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet...

AI score 7 | EPSS 0.03499
Exploits 2 | References 3

CVE
added 2014/07/16 2:0 p.m. | 51 views

CVE-2014-3427

CVE-2014-3427 affects Yealink VoIP Phones (validated on firmware 28.72.0.2) and arises from CRLF injection in the servlet handling the model parameter, enabling remote header injection and HTTP response splitting. Impact, as stated: arbitrary HTTP headers can be injected via the model parameter t...

CVSS 5 | AI score 7.2 | EPSS 0.03499
Exploits 2 | References 3 | Affected Software 1

OpenVAS
added 2014/07/03 12:0 a.m. | 27 views

ownCloud Multiple Vulnerabilities-01 (Jul 2014)

ownCloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; if description...

CVSS 4.3 | AI score 6.4 | EPSS 0.00345
Exploits 0 | References 5

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

DotDefender <= 3.8-5 No Authentication Remote Code Execution Through XSS

No description provided by source. DotDefender <= 3.8-5 No Authentication Remote Code Execution Through XSS Tested on DotDefender 3.8-5 On Ubuntu Server 9.10 64-bit with Firefox 3.6.3 Paul Hand aka rAWjAW AT offsec.com Original Post-Authentication Remote Command Execution Vulnerability:...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 18 views

Image Store Remote file Upload Vulnerability

No description provided by source. Image Store Remote file Upload Vulnerability...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 10 views

Abyss Web Server 1.1.2 Incomplete HTTP Request Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7287/info A denial of service vulnerability has been reported for Abyss Web Server. The vulnerability exists when Abyss attempts to parse certain incomplete HTTP headers. GET / HTTP/1.0 Connection: GET / HTTP/1.0 Range:...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 25 views

Jason Maloney's Guestbook 3.0 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9139/info A vulnerability has been reported in Jason Maloney's Guestbook that could result in remote command execution with the privileges of the web server. The problem occurs due to the application failing to sanitize...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

11in1 CMS 1.0.1 (do.php) - CRLF Injection Vulnerability

No description provided by source. 11in1 CMS v1.0.1 do.php CRLF Injection Vulnerability Vendor: 11in1 Product web page: http://www.11in1.org Affected version: 1.0.1 Summary: Eleven in One is an open-source content management system CMS that is powered by PHP and MySQL. It does not only help you...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Rash CMS SQL Injection Vulnerability

No description provided by source. Rash CMS SQL Injection Vulnerability InformatioN Title : Rash CMS SQL Injection Vulnerability Author : keracker Vendor or Software Link : http://rashcms.com Email :...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Microsoft Internet Explorer 5.0.1/6.0 Content-Disposition Handling File Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4752/info An issue exists in the way Microsoft Internet Explorer handles conflicting information in some HTTP headers used to describe non-HTML content. A malicious web server may provide content with misleading values in...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 19 views

MangosWeb SQL Injection Vulnerability

No description provided by source. EXPLOIT TITLE: MangosWeb SQL Vulnerability DATE: 1/7/2012 BY Hood3dRob1n AFFECTED PRODUCTS: MangosWeb Enhanced Version 3.0.3 SW LINK: http://code.google.com/p/mwenhanced/ CATEGORY: WebApp 0day DORK: intext:MangosWeb ENhanced Version 3.0.3 @2009-2011, KeysWow Dev...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 26 views

atutor 2.0.2 - Multiple Vulnerabilities

No description provided by source. ATutor 2.0.2 Multiple Remote Vulnerabilities SQLi/XSS/PD Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 2.0.2 build r10589 Summary: ATutor is an Open Source Web-based Learning Content Management System LCMS...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Cyclope Employee Surveillance Solution 6.0 6.1.0 6.2.0 - Multiple Vulnerabilities

No description provided by source. Author: loneferret of Offensive Security Product: Cyclope Employee Surveillance Solution v6.0 Version: 6.1.0 & 6.2.0 Vendor Site: http://www.cyclope-series.com/ Software Download: http://www.cyclope-series.com/download/index.html Software description: The employ...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 28 views

Cogent DataHub HTTP Server Buffer Overflow

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

AI score 6.7
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 8 views

MyBB DyMy User Agent Plugin (newreply.php) - SQL Injection Vulnerability

No description provided by source. Exploit title : MyBB DyMy User Agent Plugin SQL injection vulnerability. Author: JoinSe7en Date : 13 Dec 2012 Tested on : Linux Category : Web Applications Software Link : http://mods.mybb.com/view/dymy-user-agent PoC receive admin username We fire up HTTP Live...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Lynx 2.8.x Command Line URL CRLF Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5499/info A CRLF injection vulnerability has been reported for Lynx that may allow an attacker to include extra HTTP headers when viewing web pages. If Lynx is called from the command line, carriage return and line feed...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Free Image Hosting Script Arbitrary File Upload Vulnerability

No description provided by source. Free Image Hosting Script Remote File Upload Vulnerability Exploit Title: Free Image Hosting Script ALL VERSIONS Remote File Upload Vulnerability Date: 26/12/11 Author:...

AI score 7.1
Exploits 0