2478 matches found
CVE-2006-1989
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers...
MyBB 1.10 New XSS ' member.php '
//-- MyBB 1.10 New XSS ' member.php ' --// Webattack :- 1- Logout 2- Open Firefox 3- Use Live HTTP Headers 4- Do Register 5- Agree It 6- Edit Cookies By Live HTTP Headers 7- Add This Cookies :D mybbreferrer="/inputbHTML/binput; //-- FixIT --// Open member.php GoTo Line :- 595 .. $referrername =...
Crlf injection
CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter...
CVE-2006-1714
CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter...
CVE-2006-1714
CVE-2006-1714 is a CRLF injection vulnerability in the phpMyForum 4.0 index.php file. The issue allows remote attackers to inject HTTP headers by sending hex-encoded CRLF sequences through the type parameter, enabling header manipulation. The affected component is the index.php handler of Christo...
DEBIAN-CVE-2006-0051
Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the http_peek function...
CVE-2005-4749
CVE-2005-4749 describes an HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express. Affected products include WebLogic Server/Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier. The flaw allows remote attackers to inject arbitrary HTTP headers via u...
CVE-2005-4749
HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors...
Guppy Request Header Injection Vulnerabilities
The remote web server contains a PHP script that allows for arbitrary code execution and cross-site scripting attacks. Description : The remote host is running Guppy, a CMS written in PHP. The remote version of this software does not properly sanitize input to the Referer and User-Agent HTTP...
GLSA-200603-22 : PHP: Format string and XSS vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200603-22 PHP: Format string and XSS vulnerabilities Stefan Esser of the Hardened PHP project has reported a few vulnerabilities found in PHP: Input passed to the session ID in the session extension isn't properly sanitised before...
PHP: Format string and XSS vulnerabilities
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run on a web server with the mod_php module or the CGI version and also stand-alone in a CLI. Description Stefan Esser of the Hardened PHP project has reported a few vulnerabilities found i...
CVE-2006-0957
Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php...
Code injection
Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php...
CVE-2006-0957
CVE-2006-0957 affects ZoneO-Soft FreeForum (before 1.2.1). A direct static code injection vulnerability exists in func.inc.php where HTTP headers X-Forwarded-For and Client-Ip are written to Data/flood.db.php, enabling remote attackers to inject and execute arbitrary PHP code. The vulnerability a...
CVE-2006-0917
Melange Chat Server aka M-Chat, when accessed via a web browser, automatically sends cookies and other sensitive information for a server to any port specified in the associated link, which allows local users on that server to read the cookies from HTTP headers and possibly gain sensitive...
Information disclosure
Melange Chat Server aka M-Chat, when accessed via a web browser, automatically sends cookies and other sensitive information for a server to any port specified in the associated link, which allows local users on that server to read the cookies from HTTP headers and possibly gain sensitive...
[SA18923] Leif M. Wright's Blog Multiple Vulnerabilities
TITLE: Leif M. Wright's Blog Multiple Vulnerabilities SECUNIA ADVISORY ID: SA18923 VERIFY ADVISORY: http://secunia.com/advisories/18923/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access WHERE: From remote SOFTWARE: Leif M...
CVE-2005-4712
CVE-2005-4712 affects PHP Handicapper’s process_signup.php, where CRLF injection in the login parameter allows remote attackers to inject HTTP headers. The Red Hat entry repeats this description; other connected documents (e.g., PT Security) discuss a separate related issue (SQL injection) in the...
[SA18790] Clever Copy HTTP Headers Script Insertion Vulnerabilities
TITLE: Clever Copy HTTP Headers Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA18790 VERIFY ADVISORY: http://secunia.com/advisories/18790/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Clever Copy 2.x http://secunia.com/product/5445/ Clever Copy...