GLSA-200708-11 : Lighttpd: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200708-11 (Lighttpd: Multiple vulnerabilities). Stefan Esser discovered errors with evidence of memory corruption in the code parsing the headers. Several independent researchers also reported errors involving the handling of HTTP...
Streamripper stream to MP3 ripper buffer overflow
Multiple buffer overflow on HTTP headers parsing...
CVE-2007-4337
Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124...
CVE-2007-4337
Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124...
Buffer overflow
Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124...
CVE-2007-4337
Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124...
CVE-2007-4337
CVE-2007-4337 describes multiple buffer overflows in Streamripper’s httplib_parse_sc_header() in lib/http.c, allowing remote code execution via crafted long HTTP headers (Location and Server). Affected software: Streamripper prior to version 1.62.2. Root cause: buffer overflows in header parsing....
Crlf injection
CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of...
Crlf injection
CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting XS...
FreeBSD : joomla -- multiple vulnerabilities (4872d9a7-4128-11dc-bdb0-0016179b2dd5)
A Secunia Advisory reports: joomla can be exploited to conduct session fixation attacks, cross-site scripting attacks or HTTP response splitting attacks. Certain unspecified input passed in com_search, com_content and mod_login is not properly sanitised before being returned to a user. This can be...
Crlf injection
CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header...
CVE-2007-3709
CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header...
CVE-2007-3709
The CVE-2007-3709 entry concerns a CRLF injection in CodeIgniter 1.5.3. The vulnerability lies in the redirect function of url_helper.php, where an unspecified parameter can be tainted to inject arbitrary HTTP headers via CRLF sequences, as demonstrated by a Set-Cookie header. Affected product/ve...
CVE-2007-3709
CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header...
Crlf injection
CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter...
CVE-2007-3686
CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter...
Trend Micro OfficeScan Server CGI Modules Multiple Vulnerabilities
The remote host appears to be running Trend Micro OfficeScan Server or Client Server Messaging Security for SMB. The version of OfficeScan Server or Client Server Messaging Security for SMB installed on the remote host reportedly contains a buffer overflow issue that could allow a remote attacker...
Design/Logic Flaw
Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution...
CVE-2007-3256
Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution...
CVE-2007-3256
Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution...