1086 matches found
Microsoft ISA Server HTTP Content Header (MS05-034; CVE-2005-1215)
The Microsoft Internet Security and Acceleration ISA Server is a firewall and web proxy caching server. While relaying client requests to upstream servers, ISA will keep a copy of the returned content in its cache. When unchanged resources are later requested by web clients, the content is served...
Sybase EAServer WebConsole Buffer Overflow (CVE-2005-2297)
Sybase EAServer is a web service application server suite. The software provides a web-based management console to allow a remote user using a web browser to perform database administration tasks. The communication between the client and the web-based management console is encapsulated in the HTT...
SSL renegotiation attacks detailed explanation-vulnerability warning-the black bar safety net
Readers who are comfortable with English can read the original on my English blog. The attack exploits the SSL protocol renegotiation vulnerability, allowing a man-in-the-middle attacker to insert arbitrary chosen plaintext into the initial portion of the communication. The following assuming you on t...
ePO console Detection
This host is running an ePolicy Orchestrator (ePO) console. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if description...
Apache Tomcat URIencoding Directory Traversal (CVE-2007-0450; CVE-2008-2938)
Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages technologies. The software provides the servlet container used in development and deployment of Java-based web applications. Users access Tomcat applications using web browsers that communicate to the server via the HTTP...
Ipswitch IMail Web Calendaring Arbitrary File Read (CVE-2005-1252)
The Ipswitch IMail Server product contains a variety of server components. These components include POP3, SMTP, IMAP, and a Web Calendaring server. The IMail Web Calendaring server provides functions for users to store schedules, set appointments, and send reminder information using HTTP protocol...
SHOUTcast Filename Format String - ver 2 (CVE-2004-1373)
SHOUTcast is a free distributed streaming audio system developed by Nullsoft. It is widely used by Internet-based radio stations. The SHOUTcast server implements a subset of the HTTP protocol to communicate with clients. A client-server session starts with the client requesting an audio stream fr...
SHOUTcast Filename Format String (CVE-2004-1373)
SHOUTcast is a free distributed streaming audio system developed by Nullsoft. It is widely used by Internet-based radio stations. The SHOUTcast server implements a subset of the HTTP protocol to communicate with clients. A client-server session starts with the client requesting an audio stream fr...
Apache Tomcat Directory Listing Information Disclosure (CVE-2006-3835)
Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages technologies. The software provides the servlet container used in development and deployment of Java-based web applications. Users access Tomcat applications using web browsers that communicate to the server via the HTTP...
BigAnt IM Server HTTP GET Request Buffer Overflow Vulnerability - Active Check
BigAnt IM Server is prone to a remote buffer overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective rig...
Detailed description of SSL and TLS Web Security penetration testing-vulnerability warning-the black bar safety net
What are the consequences if a web service's SSL and TLS protocols have security problems? Obviously, in that case an attacker can obtain all of your sensitive information, including user names, passwords, credit card and bank information: everything. This article will give the reader a detailed...
ELOG Version Detection
This script finds the running ELOG Version and saves the result in KB. OpenVAS Vulnerability Test $Id: secpodelogdetect.nasl 5877 2017-04-06 09:01:48Z teissa $ ELOG Version Detection Authors: Antu Sanadi Copyright: Copyright (c) 2009 SecPod, http://www.secpod.com This program is free software; you...
CVE-2009-2622
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) "missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related t...
For IIS write permissions for the simple analysis-vulnerability warning-the black bar safety net
//A token copyright notice: if you reproduce this, please credit b0r3d's blog http://www.b0r3d.org //Last month I submitted this to Black Hand; since they have not published it, I will post it here. After all, the article has little original content and the technical content is not high. Recent...
Zervit 0.4 Traversal / Memory Corruption
Zervit webserver 0.4 Directory Traversal & Memory Corruption By: e.wiZz! & shinnai Site: shinnai.net & balcansecurity.com Memory Corruption import socket host = "127.0.0.1" port = 8080 try: for i in range1,10: buff = "a" 3330 request = "POST " + buff + " HTTP/1.0" connection =...
Zervit HTTP Server Malformed URI Remote Denial Of Service Vulnerability
Zervit HTTP server is prone to a denial of service (DoS) vulnerability because it fails to adequately sanitize user-supplied input. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
Squid cache proxy server DoS
Denial of Service on invalid HTTP protocol version...
MSN cross-site vulnerability analysis-vulnerability warning-the black bar safety net
A few days ago, I heard a colleague say, “A friend sent me a web page over MSN and I entered my password; a few days later the MSN password was wrong, so it may have been stolen.” At the time I asked the colleague for the address, but he said he could not find it. A few days later a friend said to se...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
Heap overflow
Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header...