3718 matches found
CVE-2014-9575
VDG Security SENSE formerly DIVA before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : colon character in the Authorization HTTP header...
CVE-2014-9575
CVE-2014-9575 affects VDG Security SENSE (formerly DIVA) before 2.3.15. A crafted encoded colon in the Authorization header allows remote attackers to bypass authentication and read/modify arbitrary plugin settings. Remediation: upgrade to 2.3.16 (or later) per available changelog. The reports co...
CVE-2014-9575
VDG Security SENSE formerly DIVA before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : colon character in the Authorization HTTP header...
WordPress Simple Visitor Stat Plugin <= 4.5.2 BYPASS
Because of these vulnerabilities, the attackers can inject arbitrary HTML or web script via the HTTP User-Agent or HTTP Referer header. Solution No fix have been released...
Sql injection
SQL injection vulnerability in Php/Functions/logfunction.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header...
CVE-2014-7263
Cross-site scripting XSS vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than CVE-2014-7261...
Cross site scripting
Cross-site scripting XSS vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than CVE-2014-7261...
CVE-2014-7263
CVE-2014-7263 : i-HTTPD (Windows) contains a flaw in processing HTTP headers that enables cross‑site scripting via a crafted header. The vulnerability allows a remote attacker to induce arbitrary script execution in a user’s browser. The JVN entry notes this is a separate issue from CVE-2014-7261...
JVN#87910097: i-HTTPD vulnerable to cross-site scripting
i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in processing HTTP header, which may lead to cross-site scripting CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use i-HTTPD i-HTTPD is no longer being developed or maintained. It is...
Web Server Content-Disposition Cross-Site Scripting (CVE-2016-7168)
A cross-site scripting vulnerability exists in Content-Disposition HTTP header. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Apache Tomcat Multiple Vulnerabilities (Nov 2014)
Apache Tomcat is prone to multiple vulnerabilities. Copyright C 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2014-8998
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the pregreplace function with the eval switch...
Code injection
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the pregreplace function with the eval switch...
CVE-2014-8998
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the pregreplace function with the eval switch...
AT&T Drops Controversial Tracking Header
When information came out earlier this month that some mobile carriers were injecting unique identifying “supercookies” into their users’ Web traffic, privacy groups and users were angered. The practice, used by Verizon and AT&T, enables advertisers to track users’ behavior and assemble informati...
RHEL 5 / 6 : spacewalk-java, spacewalk-web and satellite-branding (RHSA-2014:0148)
Updated spacewalk-java, spacewalk-web, and satellite-branding packages that fix multiple security issues are now available for Red Hat Satellite 5.6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
IBM WebSphere Application Server 7.0 < Fix Pack 35 Multiple Vulnerabilities
The remote host is running a version of IBM WebSphere Application Server 7.0 prior to Fix Pack 35. It is, therefore, affected by the following vulnerabilities : - Multiple errors exist related to the included IBM HTTP server that could allow remote code execution or denial of service...
Amazon Linux AMI : httpd (ALAS-2011-1)
The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially crafted Range header...
AllMyVisitors 0.5.0 SQL Injection
AllMyVisitors0.5.0 Blind SQL Injection Vulnerability ==================================================== Author : indoushka Vondor : http://www.php-resource.net/ Dork: Copyright c 2004 by voice of web ========================== SQL injection is a vulnerability that allows an attacker to alter...
[SECURITY] [DLA 68-1] fex security update
Package : fex Version : 20100208+debian1-1+squeeze4 CVE ID : CVE-2014-3875 CVE-2014-3876 CVE-2014-3877 CVE-2014-3875 When inserting encoded newline characters into a request to rup, additional HTTP headers can be injected into the reply, as well as new HTML code on the top of the website...