2478 matches found
DEBIAN-CVE-2004-1561
Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers...
CVE-2004-1133
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message...
CVE-2004-1053
CVE-2004-1053 is an integer overflow in FreeBSD's fetch(1) utility (affecting 4.1–5.3) that allows a remote attacker to execute arbitrary code by crafting HTTP headers in a response, triggering a buffer overflow. The issue is caused during HTTP header processing and can enable code execution on t...
CVE-2004-1053
Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow...
CVE-2004-0646
Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields...
FreeBSD fetch integer overflow
Integer overflow in HTTP headers parsing...
[Full-Disclosure] FreeBSD Security Advisory FreeBSD-SA-04:16.fetch
FreeBSD-SA-04:16.fetch Security Advisory, The FreeBSD Project. Topic: Overflow error in fetch. Category: core. Module: fetch. Announced: 2004-11-18. Credits: Colin Percival. Affect...
Overflow error in fetch
An integer overflow condition in fetch(1) in the processing of HTTP headers can result in a buffer overflow. A malicious server or CGI script can respond to an HTTP or HTTPS request in such a manner as to cause arbitrary portions of the client's memory to be overwritten, allowing for arbitrary code...
Pavuk: Multiple buffer overflows
Background: Pavuk is a web spider and website mirroring tool. Description: Pavuk contains several buffer overflow vulnerabilities in the code handling digest authentication and HTTP header processing. This issue is similar to GLSA 200407-19, but contains more vulnerabilities. Impact: A remote attacker...
CVE-2002-1405
The CVE-2002-1405 issue affects Lynx 2.8.4 and earlier and describes a CRLF injection flaw that lets an attacker add extra HTTP headers via a URL containing encoded CR/LF characters on the command line. Public advisories (Debian DSA-210, RHSA-2003:030, RHSA-2003:030) indicate that updated Lynx pa...
CVE-2002-1405
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters...
CVE-2002-1153
IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host"...
[Full-Disclosure] Cross-Site Scripting Vulnerability in Newtelligence DasBlog
ERNW Security Advisory: Cross-Site Scripting Vulnerability in Newtelligence DasBlog. Author: Dominick Baier. 1. Summary: A XSS Cross-Site-Scripting Vulnerability in DasBlog's Event and Activity Viewer allows to inject and execute code on the client's machine. This allows an attacker t...
dasBlog Multiple HTTP Headers HTML Injection
Binary data 2193.prm...
Apache - Arbitrary Long HTTP Headers Denial of Service (C)
Apache - Arbitrary Long HTTP Headers Denial of Service C include include include include include include include include include define A 0x41 define PORT 80 struct sockaddrin hrm; int connchar ip int sockfd; hrm.sinfamily = AFINET; hrm.sinport = htonsPORT; hrm.sinaddr.saddr = inetaddrip;...
Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
Exploit for linux platform in category dos / poc ======================================================== Apache HTTPd Arbitrary Long HTTP Headers DoS c version ======================================================== include include include include include include include include include define ...
Apache - Arbitrary Long HTTP Headers Denial of Service
include include include include include include include include include define A 0x41 define PORT 80 struct sockaddrin hrm; int connchar ip int sockfd; hrm.sinfamily = AFINET; hrm.sinport = htonsPORT; hrm.sinaddr.saddr = inetaddrip; bzero&hrm.sinzero,8; sockfd=socketAFINET,SOCKSTREAM,0;...
Apache - Arbitrary Long HTTP Headers (Denial of Service)
/usr/bin/perl exploit for apache apgetmimeheaderscore vuln adv is here: http://www.guninski.com/httpd1.html version: apache 2 newPeerAddr = $host,PeerPort = $port, Proto = 'tcp' || die "new error$@\n"; binmode$sock; $hostname="Host: $host"; $buf2='A'x50; $buf4='A'x8183; $len=length$buf2; $buf="GE...
Apache - Arbitrary Long HTTP Headers Denial of Service (Perl)
Apache - Arbitrary Long HTTP Headers Denial of Service Perl /usr/bin/perl exploit for apache apgetmimeheaderscore vuln adv is here: http://www.guninski.com/httpd1.html version: apache 2 newPeerAddr = $host,PeerPort = $port, Proto = 'tcp' || die "new error$@\n"; binmode$sock; $hostname="Host:...
Apache Httpd < 2.0.50 : Header parsing memory leak
A memory leak in parsing of HTTP headers which can be triggered remotely may allow a denial of service attack due to excessive memory consumption...