Mandrake Linux Security Advisory : apache2 (MDKSA-2005:129)

Marc Stern reported an off-by-one overflow in the modssl CRL verification callback which can only be exploited if the Apache server is configured to use a malicious certificate revocation list CVE-2005-1268. Watchfire reported a flaw that occured when using the Apache server as a HTTP proxy. A...

MailGust 1.9 - Board Takeover (SQL Injection)

MailGust 1.9 - Board Takeover SQL Injection ?php mailgustxpl.php MailGust 1.9 possibly prior versions SQL Injection / board takeover poc exploit with generic HTTP proxy support by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles to launch this script:...

MailGust <= 1.9 (board takeover) SQL Injection Exploit

Exploit for unknown platform in category web applications ====================================================== MailGust = 1.9 board takeover SQL Injection Exploit ====================================================== ?php mailgustxpl.php MailGust 1.9 possibly prior versions SQL Injection / boa...

MailGust 1.9 - Board Takeover (SQL Injection)

?php mailgustxpl.php MailGust 1.9 possibly prior versions SQL Injection / board takeover poc exploit with generic HTTP proxy support by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles to launch this script: allowcalltimepassreference = on registerglobals =...

MailGust &lt;= 1.9 (board takeover) SQL Injection Exploit

No description provided by source. ?php mailgustxpl.php MailGust 1.9 possibly prior versions SQL Injection / board takeover poc exploit with generic HTTP proxy support by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles to launch this script:...

CuteNews &lt;= 1.4.0 (shell inject) Remote Command Execution Exploit

No description provided by source. ?php cutenxpl.php CuteNews 1.4.0possibly prior versions remote code execution by rgod site: http://rgod.altervista.org usage: launch form Apache, fill in requested fields, then go! make these changes in php.ini if you have troubles with this script:...

AzDGDatingLite &lt;= 2.1.3 Remote Code Execution Exploit

No description provided by source. ?php azdgexpl.php AzDGDatingLite V 2.1.3 possibly prior versions remote code execution with generic http proxy support by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles to launch this script: allowcalltimepassreference =...

AzDGDatingLite 2.1.3 - Remote Code Execution

?php azdgexpl.php AzDGDatingLite V 2.1.3 possibly prior versions remote code execution with generic http proxy support by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles to launch this script: allowcalltimepassreference = on registerglobals = on usage:...

AzDGDatingLite 2.1.3 - Remote Code Execution

AzDGDatingLite 2.1.3 - Remote Code Execution ?php azdgexpl.php AzDGDatingLite V 2.1.3 possibly prior versions remote code execution with generic http proxy support by rgod site: http://rgod.altervista.org make these changes in php.ini if you have troubles to launch this script:...

Debian DSA-805-1 : apache2 - several vulnerabilities

Several problems have been discovered in Apache2, the next generation, scalable, extendable web server. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1268 Marc Stern discovered an off-by-one error in the modssl Certificate Revocation List CRL...

Class-1 Forum 0.24.4 - Remote Code Execution

http://rgod.altervista.org make these changes in php.ini if you have troubles with this script: allowcalltimepassreference = on registerglobals = on this is my piece of poetry... errorreporting0; iniset"maxexecutiontime",0; iniset"defaultsockettimeout", 2; obimplicitflush 1; echo 'class1 remote...

[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 805-1 [email protected] http://www.debian.org/security/ Martin Schulze September 8th, 2005 http://www.debian.org/security/faq -...

PBLang 4.65 - Remote Command Execution (1)

site: http://rgod.altervista.org make these changes in php.ini if you have troubles with this script: allowcalltimepassreference = on registerglobals = on / errorreporting0; iniset"maxexecutiontime",0; iniset"defaultsockettimeout", 2; obimplicitflush 1; echo 'PBLang 4.65 remote commands execution...

DSA-803-1 apache - programming error

Bulletin has no description...

DEBIAN-CVE-2005-1857

Format string vulnerability in simpleproxy before 3.4 allows remote malicious HTTP proxies to execute arbitrary code via format string specifiers in a reply...

CVE-2005-2729

The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services...

CVE-2005-2729

The CVE-2005-2729 entry describes a vulnerability in the HTTP proxy of Astaro Security Linux 6.0 where HTTP CONNECT requests to localhost are not properly filtered, allowing remote attackers to bypass firewall rules and access local services. The issue is a network‑level exposure with low attack ...

CVE-2005-2729

The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services...

CVE-2005-2730

The CVE-2005-2730 entry concerns the HTTP proxy in Astaro Security Linux 6.0. The issue arises from handling an invalid request, which can cause the proxy to disclose a Proxy-Authorization string in an error message. This is a remote-attack scenario with potential exposure of credentials, as indi...

CVE-2005-2730

The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message...