2478 matches found
CVE-2007-6239
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects...
Jetty < 6.1.6 Multiple Vulnerabilities
Binary data 4307.prm...
Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-297-1)
Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious website could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775) Paul Nickerson discovered that content-defined setters o...
CVE-2007-5595
CRLF injection vulnerability in the drupal_goto function in includes/common.inc in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CRLF injection
CRLF injection vulnerability in the drupal_goto function in includes/common.inc in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CVE-2007-5595
Drupal 4.7.x before 4.7.8 and 5.x before 5.3 contains a CRLF injection vulnerability in the drupal_goto function (includes/common.inc). Remote attackers can inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors. Public references describe fixes upgrading to Dru...
Digest authentication request splitting — Mozilla
Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a web site. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID...
Buffer overflow
Buffer overflow in the Client Acceptor Daemon (CAD, dsmcad.exe) in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905...
CVE-2007-4880
Buffer overflow in the Client Acceptor Daemon (CAD, dsmcad.exe) in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905...
CVE-2007-4880
CVE-2007-4880 is a buffer overflow in the IBM Tivoli Storage Manager (TSM) Client CAD Service (dsmcad.exe) that allows remote code execution via crafted HTTP headers. Affected are TSM client versions: 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2. Exploitation...
Streamripper: Buffer overflow
Background: Streamripper is a tool for extracting and recording mp3 files from a Shoutcast stream. Description: Chris Rohlf discovered several boundary errors in the httplib_parse_sc_header function when processing HTTP headers. Impact: A remote attacker could entice a user to connect to a malicious...
Tor security advisory: cross-protocol http form attack
http://archives.seul.org/or/announce/Sep-2007/msg00000.html "... a malicious website or Tor exit node can give the Tor user a page that includes a POST element directed to Tor's control port localhost:9051... This particular attack worked because Tor's control protocol gave an error message on...
Debian DSA-1362-2 : lighttpd - several vulnerabilities
Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint, which could allow the execution of arbitrary code via the overflow of CGI variables when mod_fcgi was enabled. The Common Vulnerabilities and Exposures project identifies the following problems : -...
Code injection
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers...
CVE-2007-4618
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers...
DSA-1362-1 lighttpd - several vulnerabilities
Bulletin has no description...
olatedownload-sql.txt
-Summary- Software: Olate Download; Web Site: http://www.olate.co.uk/; Versions: 3.4.2; Class: Remote; Status: Unpatched; Exploit: Available; Solution: Not Available; Discovered by: imei addmimistrator; Risk Level: Middle. Description: Olate download is prone to SQL injection in download.php file...