2480 matches found
Apache privilege escalation
Privilege escalation with SetEnvIf in conjunction with crafted HTTP headers...
MangosWeb - SQL Injection
MangosWeb - SQL Injection EXPLOIT TITLE: MangosWeb SQL Vulnerability DATE: 1/7/2012 BY Hood3dRob1n AFFECTED PRODUCTS: MangosWeb Enhanced Version 3.0.3 SW LINK: http://code.google.com/p/mwenhanced/ CATEGORY: WebApp 0day DORK: intext:MangosWeb ENhanced Version 3.0.3 @2009-2011, KeysWow Dev Team...
Free Image Hosting Script [ALL VERSIONS] Remote File Upload
Exploit for php platform in category web applications ============================================ Free Image Hosting Script Remote File Upload Vulnerability...
Free Image Hosting Script - Arbitrary File Upload
Free Image Hosting Script - Arbitrary File Upload ============================================ Free Image Hosting Script Remote File Upload Vulnerability ============================================ Exploit Title: Free Image Hosting Script ALL VERSIONS Remote File Upload Vulnerability Date:...
Free Image Hosting Shell Upload
============================================ Free Image Hosting Script Remote File Upload Vulnerability ============================================ Exploit Title: Free Image Hosting Script ALL VERSIONS Remote File Upload Vulnerability Date: 26/12/11 Author: ySecurity Vendor or Software Link:...
Free Image Hosting Script - Arbitrary File Upload
============================================ Free Image Hosting Script Remote File Upload Vulnerability ============================================ Exploit Title: Free Image Hosting Script ALL VERSIONS Remote File Upload Vulnerability Date: 26/12/11 Author: ySecurity Vendor or Software Link:...
CVE-2011-4203
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable...
Crlf injection
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable...
CVE-2011-4203
The CVE-2011-4203 issue affects Moodle’s Calendar component, specifically calendar/set.php. The root cause is a CRLF injection via the url parameter, allowing remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting. Affected versions are Moodle 1.9.x before 1.9.15, 2...
CVE-2011-4854
The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 does not ensure that Content-Type HTTP headers match the corresponding Content-Type data in HTML META elements, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving the...
Design/Logic Flaw
The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 does not ensure that Content-Type HTTP headers match the corresponding Content-Type data in HTML META elements, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving the...
CVE-2011-4854
The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 does not ensure that Content-Type HTTP headers match the corresponding Content-Type data in HTML META elements, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving the...
Crlf injection
CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter...
CVE-2011-4545
The CVE refers to a CRLF injection in Prestashop 1.4.4.1, specifically in admin/displayImage.php, exploitable via the name parameter to inject arbitrary HTTP headers and conduct HTTP response splitting. The NVD entry lists a base score of 5.0 (Medium) with network attack vector, low complexity, n...
CVE-2011-3389
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...
11in1 CMS 1.0.1 - do.php CRLF Injection
11in1 CMS 1.0.1 - do.php CRLF Injection 11in1 CMS v1.0.1 do.php CRLF Injection Vulnerability Vendor: 11in1 Product web page: http://www.11in1.org Affected version: 1.0.1 Summary: Eleven in One is an open-source content management system CMS that is powered by PHP and MySQL. It does not only help...
11in1 CMS v1.0.1 (do.php) CRLF Injection Vulnerability
Summary Eleven in One is an open-source content management system CMS that is powered by PHP and MySQL. It does not only help you manage your personal blog but also maintain your postings at social networks. By establishing consistency among the data transmitted from and to the blog, this CMS...
11in1 CMS v1.0.1 (do.php) CRLF Injection Vulnerability
Exploit for php platform in category web applications 11in1 CMS v1.0.1 do.php CRLF Injection Vulnerability Vendor: 11in1 Product web page: http://www.11in1.org Affected version: 1.0.1 Summary: Eleven in One is an open-source content management system CMS that is powered by PHP and MySQL. It does...
Google Chrome < 15.0.874.102 Multiple Vulnerabilities
Binary data 800887.prm...
CVE-2011-3880
Google Chrome before 15.0.874.102 does not prevent use of an unspecified special character as a delimiter in HTTP headers, which has unknown impact and remote attack vectors...