
197 matches found

Tenable Nessus
added 2009/03/10 12:0 a.m., 18 views

GLSA-200903-21 : cURL: Arbitrary file access

The remote host is affected by the vulnerability described in GLSA-200903-21 (cURL: Arbitrary file access). David Kierznowski reported that the redirect implementation accepts arbitrary Location values when CURLOPT_FOLLOWLOCATION is enabled. Impact: A remote attacker could possibly exploit this...

6.8 CVSS, 7.4 AI score, 0.09919 EPSS
Exploits: 2, References: 2
Gentoo Linux
added 2009/03/09 12:0 a.m., 33 views

cURL: Arbitrary file access

Background: cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description: David Kierznowski reported that the redirect implementation accepts arbitrary Location values when CURLOPT_FOLLOWLOCATION is enabled. Impact: A remote attacker could possibly...

6.8 CVSS, 2.3 AI score, 0.09919 EPSS
Exploits: 2
UbuntuCve
added 2008/12/01 3:30 p.m., 15 views

CVE-2008-5297

Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLine function...

7.6 CVSS, 6.2 AI score, 0.15771 EPSS
Exploits: 1, References: 1
seebug.org
added 2008/10/05 12:0 a.m., 12 views

Lexmark Multiple HTTP Servers Denial of Service Vulnerability

No description provided by source. GET / HTTP/1.0\r\n /Host:AAAAAA1024...

7.1 AI score
Exploits: 0
CERT
added 2008/04/14 12:0 a.m., 68 views

Ruby WEBrick vulnerable to directory traversal

Overview Ruby WEBrick is vulnerable to a directory traversal on systems that support backslash \ path separators. This vulnerability may allow an attacker to access arbitrary files outside of the web server root directory. Description WEBrick is a Ruby library program to build HTTP servers...

5 CVSS, 6.6 AI score, 0.5985 EPSS
Exploits: 1, References: 4
securityvulns
added 2008/03/13 12:0 a.m., 43 views

Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0)

Luigi Auriemma Application: McAfee Framework implemented in McAfee ePolicy Orchestrator 4.0 http://www.mcafee.com/us/enterprise/products/systemsecuritymanagement/epolicyorchestrator.html Versions: = 3.6.0.569 Platforms: Windows Bug: format string in naimcomnLog Exploitation: remote Date: 12 Mar...

0.4 AI score
Exploits: 0
Cvelist
added 2008/01/18 11:0 p.m., 27 views

CVE-2008-0367

Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks...

9.6 AI score, 0.00844 EPSS
Exploits: 0, References: 7
Debian CVE
added 2007/08/31 1:0 a.m., 16 views

CVE-2007-4625

Removed by vendor...

4.3 CVSS, 7 AI score, 0.00602 EPSS
Exploits: 0
myhack58
added 2007/03/12 12:0 a.m., 13 views

Apache, IIS and other HTTP servers allow log forgery by sending a carriage return character

Description: Most HTTP servers resolve a request containing %0d%0a to a carriage return and line feed, which wraps the line in the log; this feature can be used to falsify logs. Details: Most HTTP servers support encodings such as %0 0 in requests; the main purpose is to provide reliable...

Exploits: 0
Fedora
added 2007/01/10 3:57 p.m., 26 views

[SECURITY] Fedora Core 5 Update: wget-1.10.2-3.3.fc5

GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...

5 CVSS, 0.8 AI score, 0.04476 EPSS
Exploits: 1
Tenable Nessus
added 2006/05/13 12:0 a.m., 33 views

RHEL 4 : ruby (RHSA-2006:0427)

Updated ruby packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way Ruby creates its...

5 CVSS, 5.2 AI score, 0.13214 EPSS
Exploits: 0, References: 3
RedHat Linux
added 2006/05/09 11:32 a.m., 31 views

Moderate: Red Hat Security Advisory: ruby security update

Updated ruby packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way Ruby creates its...

5 CVSS, 5.7 AI score, 0.13214 EPSS
Exploits: 0, References: 2
0day.today
added 2004/07/22 12:0 a.m., 13 views

Lexmark Multiple HTTP Servers Denial of Service Vulnerability

Exploit for hardware platform in category dos / poc ============================================================= Lexmark Multiple HTTP Servers Denial of Service Vulnerability ============================================================= GET / HTTP/1.0\r\n /Host:AAAAAA1024. 0day.today 2018-01-11...

7 AI score
Exploits: 0
Exploit DB
added 2004/07/22 12:0 a.m., 41 views

Lexmark Multiple HTTP Servers - Denial of Service

GET / HTTP/1.0\r\n /Host:AAAAAA1024. milw0rm.com 2004-07-22...

7.4 AI score
Exploits: 0
OSV
added 2004/01/05 5:0 a.m., 3 views

CVE-2003-0963

Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands...

7.4 AI score
Exploits: 0, References: 15
Tenable Nessus
added 2003/11/11 12:0 a.m., 1913 views

HMAP Web Server Fingerprinting

Nessus was able to identify the remote web server type by sending several valid and invalid HTTP requests. In some cases, its version can also be approximated, as well as some options. (C) Tenable Network Security, Inc. Redistribution and use in source, with or without modification, are permitted...

5.5 AI score
Exploits: 0, References: 3
securityvulns
added 2001/07/25 12:0 a.m., 63 views

netkill - generic remote DoS attack

NAME netkill - generic remote DoS attack $Id: netkill,v 1.7 2000/04/20 18:56:22 shalunov Exp $ SUMMARY By exploiting features inherent to TCP protocol remote attackers can perform denial of service attacks on a wide array of target operating systems. The attack is most efficient against HTTP...

Exploits: 0