2478 matches found

CVE
added 2006/10/17 9:0 p.m. | 99 views

CVE-2006-5330

The CVE-2006-5330 issue affects Adobe Flash Player plugins prior to 7.0.69 (and earlier variants) across Windows, Linux, Solaris, and macOS, causing remote attackers to modify HTTP headers and perform HTTP Request Splitting via CRLF in arguments to ActionScript functions (XML.addRequestHeader, XM...

CVSS 5 | AI score 8 | EPSS 0.1744
Exploits 0 | References 24 | Affected Software 1

Cvelist
added 2006/10/17 9:0 p.m. | 27 views

CVE-2006-5330

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks vi...

AI score 8 | EPSS 0.1744
Exploits 0 | References 24

Tenable Nessus
added 2006/10/14 12:0 a.m. | 23 views

Debian DSA-1002-1 : webcalendar - several vulnerabilities

Several security related problems have been discovered in webcalendar, a PHP based multi-user calendar. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: - CVE-2005-3949: Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQ...

CVSS 7.5 | AI score 6.3 | EPSS 0.16479
Exploits 0 | References 9

Tenable Nessus
added 2006/09/12 12:0 a.m. | 20 views

GLSA-200609-01 : Streamripper: Multiple remote buffer overflows

The remote host is affected by the vulnerability described in GLSA-200609-01 (Streamripper: Multiple remote buffer overflows). Ulf Harnhammar, from the Debian Security Audit Project, has found that Streamripper is vulnerable to multiple stack based buffer overflows caused by improper bounds checking...

CVSS 7.5 | AI score 6.3 | EPSS 0.3946
Exploits 0 | References 2

Gentoo Linux
added 2006/09/06 12:0 a.m. | 38 views

Streamripper: Multiple remote buffer overflows

Background: Streamripper extracts and records individual MP3 file tracks from SHOUTcast streams. Description: Ulf Harnhammar, from the Debian Security Audit Project, has found that Streamripper is vulnerable to multiple stack based buffer overflows caused by improper bounds checking when processing...

CVSS 7.5 | AI score 7.3 | EPSS 0.3946
Exploits 0

CVE
added 2006/08/31 10:0 p.m. | 44 views

CVE-2006-4505

NX5Linkx 1.0 is affected by CVE-2006-4505: a CRLF injection in links.php allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via the url parameter. The connected sources also describe broader NX5Linkx issues (e.g., link.php exposure and additional vulnerabi...

CVSS 7.5 | AI score 6.9 | EPSS 0.07942
Exploits 1 | References 6 | Affected Software 1

securityvulns
added 2006/08/28 12:0 a.m. | 49 views

Streamripper buffer overflow

Buffer overflow on HTTP headers parsing...

AI score 2.7
Exploits 0 | References 2 | Affected Software 1

UbuntuCve
added 2006/08/26 9:4 p.m. | 20 views

CVE-2006-3124

Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers...

CVSS 7.5 | AI score 6.1 | EPSS 0.3946
Exploits 0 | References 1

NVD
added 2006/08/26 9:4 p.m. | 15 views

CVE-2006-3124

Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers...

CVSS 7.5 | AI score 7.7 | EPSS 0.3946
Exploits 0 | References 13

Debian CVE
added 2006/08/26 10:0 a.m. | 23 views

CVE-2006-3124

Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers...

CVSS 7.5 | AI score 7.2 | EPSS 0.3946
Exploits 0

Cvelist
added 2006/08/17 9:0 p.m. | 14 views

CVE-2006-4197

Multiple buffer overflows in libmusicbrainz (aka mbclient or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in th...

AI score 7.8 | EPSS 0.34865
Exploits 1 | References 21

NVD
added 2006/08/14 9:4 p.m. | 11 views

CVE-2006-4111

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOADPATH variable, a different vulnerability than CVE-2006-4112...

CVSS 7.5 | AI score 6.9 | EPSS 0.03984
Exploits 0 | References 9

securityvulns
added 2006/08/02 12:0 a.m. | 104 views

PHP ip2long() function circumvention

PHP ip2long function circumvention - tested on php 5.0.2 " 4.3.3 - after some test on miniBB application http://www.minibb.net/ I obtained that the php ip2long function can be...

AI score 0.2
Exploits 0

securityvulns
added 2006/06/23 12:0 a.m. | 36 views

Real Helix RTSP Server memory corruption

Heap memory corruption on HTTP headers parsing...

AI score 1.8
Exploits 0 | References 1 | Affected Software 1

NVD
added 2006/06/21 1:2 a.m. | 9 views

CVE-2006-3105

CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php...

CVSS 5 | AI score 7 | EPSS 0.04077
Exploits 1 | References 7

UbuntuCve
added 2006/06/02 8:2 p.m. | 33 views

CVE-2006-2786

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces...

CVSS 2.6 | AI score 5.9 | EPSS 0.02439
Exploits 0 | References 5

CVE
added 2006/06/02 8:0 p.m. | 93 views

CVE-2006-2786

CVE-2006-2786 is an HTTP response smuggling vulnerability affecting Mozilla Firefox and Thunderbird prior to 1.5.0.4. According to connected advisories, an attacker could craft responses that, through a proxy or header formatting, fool the client into treating them as responses from two different sites, p...

CVSS 2.6 | AI score 6.2 | EPSS 0.02439
Exploits 0 | References 47 | Affected Software 2

NVD
added 2006/05/22 11:10 p.m. | 9 views

CVE-2006-2531

Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole"...

CVSS 7.5 | AI score 6.8 | EPSS 0.04781
Exploits 0 | References 6

Prion
added 2006/05/22 11:10 p.m. | 13 views

Authentication flaw

Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole"...

CVSS 7.5 | AI score 7.1 | EPSS 0.04781
Exploits 0 | References 6 | Affected Software 1

Prion
added 2006/05/01 7:6 p.m. | 20 views

Buffer overflow

Buffer overflow in the getdatabase function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers...

CVSS 5.1 | AI score 8 | EPSS 0.04489
Exploits 1 | References 24 | Affected Software 1