2480 matches found
CRIME vulnerability via the SPDY protocol CVE-2012-4930
The SPDY protocol 3, and earlier, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data. This allows man-in-the-middle attackers to obtain plain text HTTP headers by observing length differences during a series of guesses in which a string i...
SOL14059 - CRIME vulnerability via the SPDY protocol CVE-2012-4930
The SPDY protocol 3, and earlier, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data. This allows man-in-the-middle attackers to obtain plain text HTTP headers by observing length differences during a series of guesses in which a string i...
[SECURITY] Fedora 17 Update: perl-CGI-3.52-218.fc17
CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features include processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...
MyBB DyMy User Agent SQL Injection
Exploit title : MyBB DyMy User Agent Plugin SQL injection vulnerability. Author: JoinSe7en Date : 13 Dec 2012 Tested on : Linux Category : Web Applications Software Link : http://mods.mybb.com/view/dymy-user-agent PoC receive admin username We fire up HTTP Live Headers or a similar tool, post...
MyBB DyMy User Agent Plugin - newreply.php SQL Injection
MyBB DyMy User Agent Plugin - newreply.php SQL Injection Exploit title : MyBB DyMy User Agent Plugin SQL injection vulnerability. Author: JoinSe7en Date : 13 Dec 2012 Tested on : Linux Category : Web Applications Software Link : http://mods.mybb.com/view/dymy-user-agent PoC receive admin username...
DSA-2587-1 libcgi-pm-perl - HTTP header injection
Bulletin has no description...
CVE-2011-2732
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter...
CVE-2011-2732
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter...
Crlf injection
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter...
CVE-2011-2732
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter...
Debian DSA-2579-1 : apache2 - Multiple issues
A vulnerability has been found in the Apache HTTPD Server: - CVE-2012-4557 A flaw was found when mod_proxy_ajp connects to a backend server that takes too long to respond. Given a specific configuration, a remote attacker could send certain requests, putting a backend server into an error state...
osCommerce Authentication Bypass (misconfigured htaccess)
Exploit for php platform in category web applications Exploit Title : osCommerce Authentication Bypass misconfigured htaccess Google Dork : "Powered by osCommerce" or you can try own dorks Exploit Author: D35m0nd142 Vendor Homepage: http://www.oscommerce.com/ Tested on: Linux Ubuntu 12.04 with...
A lot of the rebate built Station system V8 installation vulnerability - vulnerability warning - the black bar safety net
Brief description: After the site is installed, the A lot of the rebate built Station system renames install.php in the install folder to install.php.lock, but this file can still be accessed, so with a capture tool the site can be reinstalled. Description of use: 1. FireFox to...
Crlf injection
CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CVE-2012-4023
Pebble (open source weblog system) is vulnerable to a CRLF/HTTP header injection in versions prior to 2.6.4. The issue allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors, potentially forging content displayed to the user, executing...
Citrix Access Gateway Plug-in for Windows ActiveX Control StartEPA() Method HTTP Response Header Parsing Overflows (CTX134303)
The Citrix Access Gateway ActiveX control for Citrix Access Gateway Enterprise Edition is installed on the remote Windows host. It is the ActiveX component of the Citrix Access Gateway Plug-in for Windows and provides an SSL-based VPN via a web browser. The installed version of this control...
Detecting Advanced Persistent Threat with Network Traffic Analysis
A high degree of stealthiness over a prolonged duration of operation in order to do a successful cyber attack can be defined as Advanced Persistent Threat. The attack objectives therefore typically extend beyond immediate financial gain, and compromised systems continue to be of service even afte...
[SECURITY] Fedora 17 Update: haproxy-1.4.22-1.fc17
HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread the load among several servers while assuring server persistence through the use of HTTP cookies - switch t...
[SECURITY] Fedora 16 Update: haproxy-1.4.22-1.fc16
HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread the load among several servers while assuring server persistence through the use of HTTP cookies - switch t...
[SECURITY] Fedora 18 Update: haproxy-1.4.22-1.fc18
HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread the load among several servers while assuring server persistence through the use of HTTP cookies - switch t...