2481 matches found

Prion
added 2013/03/21 2:55 p.m., 11 views

Crlf injection

CRLF injection vulnerability in the HMI web application in Siemens WinCC TIA Portal 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL...

CVSS 4.3, AI score 7.3, EPSS 0.00328
Exploits 0, References 2, Affected Software 1

Cvelist
added 2013/03/21 2:0 p.m., 23 views

CVE-2013-0670

CRLF injection vulnerability in the HMI web application in Siemens WinCC TIA Portal 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL...

AI score 6.7, EPSS 0.00328
Exploits 0, References 2

Tenable Nessus
added 2013/03/18 12:0 a.m., 42 views

Squid 3.x < 3.2.9 / 3.3.3 strHdrAcptLangGetItem Malformed Accept-Language Denial of Service

According to its banner, the version of Squid running on the remote host is 3.2.x prior to 3.2.9 or 3.3.x prior to 3.3.3 and is, therefore, affected by a denial of service vulnerability. An error exists in the function 'strHdrAcptLangGetItem' in the file 'errorpage.cc' that could allow certain...

CVSS 7.8, AI score 5.2, EPSS 0.41939
Exploits 0, References 4

Check Point Advisories
added 2013/03/18 12:0 a.m., 6 views

Apache HTTP Server mod_rpaf x-forwarded-for Denial of Service - Improved Confidence (CVE-2012-3526)

A denial of service vulnerability has been reported in Apache's HTTP Server. The vulnerability is caused due to an error while processing certain HTTP headers. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to a target. Successful exploitation will lea...

CVSS 5, AI score 6.2, EPSS 0.01928
Exploits 0

RedHat Linux
added 2013/03/14 4:45 p.m., 1 views

pidgin: MXit protocol stack-based buffer overflow when processing HTTP headers

Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header...

CVSS 6.8, AI score 6.3, EPSS 0.01896
Exploits 1, References 5

RedHat Linux
added 2013/03/13 2:40 p.m., 3 views

SSL/TLS CRIME attack against HTTPS

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...

CVSS 2.6, AI score 6.7, EPSS 0.08487
Exploits 1, References 4

securityvulns
added 2013/03/11 12:0 a.m., 40 views

Varnish 2.1.5 DoS in STV_alloc() while parsing Content-Length header

STV_alloc() | st != NULL Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 2.1.5 Full panic message: Panic message: Assert error in STV_alloc(), stevedore.c line 192:012 Condition(st != NULL) not true. Summary: Varnish 2.1.5 crash and restart via...

AI score 7.1
Exploits 0

securityvulns
added 2013/03/11 12:0 a.m., 20 views

Varnish multiple security vulnerabilities

Different DoS conditions on HTTP headers parsing...

AI score 1
Exploits 0, References 4, Affected Software 1

0day.today
added 2013/03/09 12:0 a.m., 21 views

Responsive Article Directory Script Shell Upload Vulnerability

Exploit for php platform in category web applications...

AI score 7.1
Exploits 0

Packet Storm
added 2013/03/06 12:0 a.m., 25 views

Varnish 2.1.5 / 3.0.3 Denial Of Service

STV_alloc() | st != NULL Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 2.1.5 Full panic message: Panic message: Assert error in STV_alloc(), stevedore.c line 192:012 Condition(st != NULL) not true. Summary: Varnish 2.1.5 crash and restart via...

AI score 0.1
Exploits 0

OpenVAS
added 2013/02/28 12:0 a.m., 17 views

Nmap NSE 6.01: http-headers

This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

AI score 7.3
Exploits 0

Tenable Nessus
added 2013/02/26 12:0 a.m., 19 views

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : pidgin vulnerabilities (USN-1746-1)

Chris Wysopal discovered that Pidgin incorrectly handled file transfers in the MXit protocol handler. A remote attacker could use this issue to create or overwrite arbitrary files. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-0271) It was discovered that Pidgi...

CVSS 6.8, AI score 6, EPSS 0.02107
Exploits 2, References 5

Ubuntu
added 2013/02/25 2:1 p.m., 46 views

USN-1746-1: Pidgin vulnerabilities

Chris Wysopal discovered that Pidgin incorrectly handled file transfers in the MXit protocol handler. A remote attacker could use this issue to create or overwrite arbitrary files. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-0271) It was discovered that Pidgi...

CVSS 6.8, AI score 5.6, EPSS 0.02107
Exploits 2

NVD
added 2013/02/24 10:55 p.m., 20 views

CVE-2012-6072

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via...

CVSS 4.3, AI score 6.7, EPSS 0.00099
Exploits 0, References 4

UbuntuCve
added 2013/02/24 10:55 p.m., 28 views

CVE-2012-6072

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via...

CVSS 4.3, AI score 5.9, EPSS 0.00099
Exploits 0, References 3

CVE
added 2013/02/24 10:0 p.m., 77 views

CVE-2012-6072

CVE-2012-6072 is a CRLF injection vulnerability in Jenkins core exposed to remote attackers who can inject HTTP headers and trigger HTTP response splitting via unspecified vectors. Affected are Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.4...

CVSS 4.3, AI score 6.8, EPSS 0.00099
Exploits 0, References 4, Affected Software 1

Check Point Advisories
added 2013/02/19 12:0 a.m., 6 views

PHP apache_request_headers Function Buffer Overflow (CVE-2012-2329)

A buffer overflow was reported in the apache_request_headers function in PHP. The vulnerability is due to the insecure handling of the HTTP headers. An attacker can exploit this issue by sending a specially crafted HTTP request to the target server. Successful exploitation may allow the attacker to...

AI score 7.5, EPSS 0.79567
Exploits 6

Cvelist
added 2013/01/18 11:0 a.m., 24 views

CVE-2012-5875

Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP...

AI score 6.3, EPSS 0.27106
Exploits 6, References 4

Packet Storm
added 2013/01/01 12:0 a.m., 41 views

MyBB editpost.php SQL Injection

MyBB...

AI score 0.2
Exploits 0

exploitpack
added 2012/12/31 12:0 a.m., 24 views

MyBB 1.6.9 - editpost.php?posthash Blind SQL Injection

MyBB 1.6.9 - editpost.php?posthash Blind SQL Injection MyBB...

AI score 0.3
Exploits 0