3931 matches found
CVE-2003-1028
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid1000...
CVE-2003-1028
CVE-2003-1028 : The vulnerability lies in the download function of Internet Explorer 6 SP1, where an HTTP response with an invalid Content-Type and a .htm file can disclose the cache directory name. This information disclosure could allow remote attackers to bypass security measures that rely on ...
CVE-2003-1338
CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header...
CVE-2003-0113
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in 1 Content-type and 2 Content-encoding fields...
CVE-2003-0113
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in 1 Content-type and 2 Content-encoding fields...
seti@home remotely exploitable buffer overflow
The seti@home client contains a buffer overflow in the HTTP response handler. A malicious, spoofed seti@home server can exploit this buffer overflow to cause remote code execution on the client. Exploit programs are widely available...
DCP-Portal Multiple Script XSS
The version of DCP-Portal installed on the remote host fails to sanitize input to the script 'calendar.php' before using it to generate dynamic HTML, that could let an attacker execute arbitrary code in the browser of a legitimate user. It may also be affected by HTML injection flaws, which could...
More OmniHTTPd Problems
I've discovered another vulnerability in one of the OmniHTTPd sample apps. This time, the culprit is "/cgi-bin/redir.exe". This app is vulnerable to a newline injection issue. The vulnerability occurs because the "URL" query parameter case sensitive is decoded and placed directly into the respons...
Other Web Servers vulnerable to %3f.jsp directory listing
I tried posting to Bugtraq...but perhaps this is the more appropriate mailing list. Anyways here are some Response headers to servers that are vulnerable to the 3f.jsp directory listing exploit -Slow2Show- University of Florida HTTP/1.0 200 OK Date: Fri, 30 Nov 2001 03:43:27 GMT Server:...
Weak authentication in iBill's Password Management CGI
Vulnerable Program: ibillpm.pl Perl CGI script Distributed by: iBill Internet Billing Company, http://www.ibill.com Problem: iBill hard codes a weak password for the user management script, ibillpm.pl, installed for clients that use the Password Management system. The weak password is the client'...
Реальный путь к файлам в XCache (information leakage)
В заголовках HTTP-ответа содержится реальный путь к файлу...