197 matches found
wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage
It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...
wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage
It was found that JBoss EAP 7 Header Cache was inefficient. An attacker could use this flaw to cause a denial of service attack...
python: http protocol steam injection attack
It was found that the Python's httplib library used by urllib, urllib2 and others did not properly check HTTPConnection.putheader function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values...
Vulnerability of Firefox and Firefox ESR browsers, which allows attackers to bypass the CORS protection mechanism
The vulnerability of Firefox and Firefox ESR browsers is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass the CORS protection mechanism by duplicating cookie sequence keys or extracting values from the response header of an incorrect HTTP...
CVE-2015-6949
Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values...
Microsoft Windows XP WAV File Handler Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11503/info Microsoft Windows XP is reported prone to a denial of service vulnerability. The issue exists due to a lack of sufficient sanitization performed on WAV file header values before they are processed. If an exploi...
DEBIAN-CVE-2013-2175
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdrip or other "hdr" functions with a negative occurrence count, allows remote attackers to cause a denial of service negative array index usage and crash via an HTTP header with a certain number of values, related to the...
haproxy: http_get_hdr()/get_ip_from_hdr2() MAX_HDR_HISTORY handling denial of service
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdrip or other "hdr" functions with a negative occurrence count, allows remote attackers to cause a denial of service negative array index usage and crash via an HTTP header with a certain number of values, related to the...
CVE-2012-3730
Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender...
MobileCartly 1.0 - Arbitrary File Upload
MobileCartly 1.0 - Arbitrary File Upload Exploit Title: MobileCartly 1.0 Remote File Upload Vulnerability Google Dork: - Date: 14/08/2012 Exploit Author: ICheerNo0M Vendor Homepage: http://icheernoom.blogspot.com/ Software Link: http://mobilecartly.com/mobilecartly.zip Version: 1.0 Tested on:...
http-waf-fingerprint NSE Script
Tries to detect the presence of a web application firewall and its type and version. This works by sending a number of requests and looking in the responses for known behavior and fingerprints such as Server header, cookies and headers values. Intensive mode works by sending additional WAF specif...
CentOS Update for httpd CESA-2011:1392 centos5 i386
Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1392 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
Perl CGI.pm is prone to an unspecified security vulnerability related to handling of newlines embedded in header values. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
tomcat XSS in example webapps
Cross-site scripting XSS vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values...
Debian DSA-1320-1 : clamav - several vulnerabilities
Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2650 It was discovered that the OLE2 parser can be tricked into an infinite loop and memory exhaustion. - CVE-2007-30...
CVE-2006-7195
Cross-site scripting XSS vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values...
Fixed in Apache Tomcat 5.5.18, 5.0.SVN
Moderate: Cross-site scripting CVE-2006-7195 The implicit-objects.jsp in the examples webapp displayed a number of unfiltered header values. This enabled a XSS attack. These values are now filtered. Affects: 5.0.0-5.0.30, 5.5.0-5.5.17...