Lucene search

2478 matches found

Cvelist
added 2007/05/09 10:0 a.m. | 19 views

CVE-2007-2550

Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php...

AI score 7.2 | EPSS 0.00733
Exploits 0 | References 8
Prion
added 2007/04/16 10:19 p.m. | 10 views

CRLF injection

CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details a...

CVSS 7.5 | AI score 7.5 | EPSS 0.00636
Exploits 0 | References 2 | Affected Software 1
Prion
added 2007/04/16 10:19 p.m. | 17 views

CRLF injection

Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter...

CVSS 7.5 | AI score 7.7 | EPSS 0.00911
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2007/04/16 10:0 p.m. | 13 views

CVE-2007-2046

Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter...

AI score 7.2 | EPSS 0.00911
Exploits 0 | References 5
CVE
added 2007/04/16 10:0 p.m. | 46 views

CVE-2007-2047

Openads 2.3 (aka Max Media Manager, MMM) is affected by a CRLF injection in www/delivery/ck.php, tractable before 0.3.31-alpha-pr3. The vulnerability allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via CRLF sequences in the destination parameter. Impac...

CVSS 7.5 | AI score 7 | EPSS 0.00636
Exploits 0 | References 2 | Affected Software 1
ATTACKERKB
added 2007/04/10 9:19 p.m. | 1 views

CVE-2007-1204

Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption...

CVSS 6.8 | AI score 6.5 | EPSS 0.05987
Exploits 0 | References 10
Prion
added 2007/04/10 9:19 p.m. | 16 views

Stack overflow

Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption...

CVSS 6.8 | AI score 8.3 | EPSS 0.05987
Exploits 0 | References 9
Cvelist
added 2007/04/10 9:0 p.m. | 36 views

CVE-2007-1204

Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption...

AI score 7.9 | EPSS 0.05987
Exploits 0 | References 9
CVE
added 2007/04/10 9:0 p.m. | 84 views

CVE-2007-1204

The CVE-2007-1204 issue affects Microsoft Windows XP SP2 with the UPnP service. It is a stack-based buffer overflow triggered by specially crafted HTTP headers in UPnP requests/notifications, allowing a remote attacker on the same subnet to execute arbitrary code in the context of the vulnerable ...

CVSS 6.8 | AI score 7.9 | EPSS 0.05987
Exploits 0 | References 9 | Affected Software 1
Prion
added 2007/03/22 11:19 p.m. | 19 views

CRLF injection

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header...

CVSS 7.5 | AI score 7.2 | EPSS 0.01179
Exploits 0 | References 7 | Affected Software 1
CVE
added 2007/03/22 11:0 p.m. | 48 views

CVE-2007-1608

CVE-2007-1608 affects IBM WebSphere Application Server (WAS) 6.0.x prior to 6.0.2.19. The root cause is a CRLF injection in input handling that allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting. Impact is exposure of manipulated response headers with pot...

CVSS 7.5 | AI score 6.7 | EPSS 0.01179
Exploits 0 | References 7 | Affected Software 1
Exploit DB
added 2007/03/16 12:0 a.m. | 33 views

PHP-Stats 0.1.9.1b - 'PC-REMOTE-ADDR' SQL Injection


AI score 7.4
Exploits 0
NVD
added 2007/03/06 1:19 a.m. | 15 views

CVE-2006-7123

Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agen...

CVSS 7.5 | AI score 8.6 | EPSS 0.00019
Exploits 0 | References 5
seebug.org
added 2007/03/02 12:0 a.m. | 10 views

PHP <= 4.4.4 unserialize() ZVAL Reference Counter Overflow Exploit PoC

No description provided by source. Proof of concept code from the Hardened-PHP...

AI score 7.1
Exploits 0
Tenable Nessus
added 2007/02/18 12:0 a.m. | 24 views

Mandrake Linux Security Advisory : libsoup (MDKSA-2007:029)

The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values. The updated packages have been patched to correct this issue.

CVSS 7.8 | AI score 8.1 | EPSS 0.07492
Exploits 0 | References 1
NVD
added 2007/02/16 1:28 a.m. | 9 views

CVE-2007-0973

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Gue...

CVSS 6.8 | AI score 5.8 | EPSS 0.0192
Exploits 1 | References 7
Prion
added 2007/02/16 1:28 a.m. | 11 views

SQL injection

Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...

CVSS 7.5 | AI score 9.2 | EPSS 0.02085
Exploits 1 | References 7 | Affected Software 1
NVD
added 2007/02/16 1:28 a.m. | 19 views

CVE-2007-0971

Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...

CVSS 7.5 | AI score 8.5 | EPSS 0.02085
Exploits 1 | References 7
Prion
added 2007/02/16 1:28 a.m. | 9 views

Cross-site scripting

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Gue...

CVSS 6.8 | AI score 6 | EPSS 0.0192
Exploits 1 | References 7 | Affected Software 1
Cvelist
added 2007/02/16 1:0 a.m. | 18 views

CVE-2007-0971

Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...

AI score 8.5 | EPSS 0.02085
Exploits 1 | References 7