3632 matches found
CVE-2002-2258
Moby NetSuite allows remote attackers to cause a denial of service (crash) via an HTTP POST request with a (1) large integer or (2) non-numeric value in the Content-Length header, which causes an access violation after a failed atoi function call...
CVE-2002-2258
CVE-2002-2258 affects Moby NetSuite. A remote attacker can crash the service by sending an HTTP POST with a Content-Length header containing a large integer or non-numeric value, triggering an access violation after a failed atoi(). The documents do not provide any remediation, exploit details, o...
[SECURITY] [DSA 1380-1] New elinks packages fix information disclosure
Debian Security Advisory DSA 1380-1 [email protected] http://www.debian.org/security/ Steve Kemp October 2nd, 2007 http://www.debian.org/security/faq ...
DSA-1380-1 elinks - information disclosure
Bulletin has no description...
Google Gmail cross-site request forgery vulnerability
Overview: According to public reports, Google Gmail contained a cross-site request forgery (XSRF) vulnerability that allowed attackers to create email filters that could forward mail and attachments to arbitrary email addresses. Description: Google Gmail is a web-based mail service. Gmail provides...
liberoit-xss.txt
The Italian ISP Libero.it does not check the HTTP POST parameter "pQuery" on search queries and displays the content of this variable without modification within the HTML form area. Security problems on Libero's 155.it allow attackers to conduct XSS attacks for the following URL:...
Authentication flaw
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...
DEBIAN-CVE-2007-4174
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...
CVE-2007-4174
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...
Authentication flaw
MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests...
CVE-2007-3567
MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests...
CVE-2007-3570
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in an HTTP POST request...
Cross site request forgery (csrf)
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in an HTTP POST request...
CVE-2007-3567
CVE-2007-3567 affects MySQLDumper 1.21b through 1.23 REV227. The vulnerability stems from a flawed “Limit GET” statement in the .htaccess authentication mechanism, allowing remote attackers to bypass authentication via HTTP POST requests. Impact is partial confidentiality and integrity and partia...
CVE-2007-3570
The CVE-2007-3570 issue affects the Linux Access Gateway component of Novell Access Manager prior to 3.0 SP1 Release Candidate 1. The vulnerability allows remote attackers to bypass unspecified security controls by sending Fullwidth/Halfwidth Unicode encoded data in an HTTP POST request. Document...
Cross site request forgery (csrf)
The 3Com TippingPoint IPS does not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic...
Tivoli Provisioning Manager for OS Deployment multiple security vulnerabilities
Multiple vulnerabilities on parsing HTTP POST requests...