LogMeIn 4.0.784 'cfgadvanced.html' HTTP Header Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35236/info LogMeIn is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be...
phpLDAPadmin 0.9.4b DoS
No description provided by source. Exploit Title: phpLDAPadmin 0.9.4b DoS Google Dork: phpLDAPadmin - 0.9.4b Date: 2011-10-23 Author: Alguien Software Link: http://sourceforge.net/projects/phpldapadmin/files/phpldapadmin/0.9.4b/ Version: 0.9.4b Tested on: Red Hat CVE : - Compilation: ...
jakcms 2.0 pro rc5 - Stored XSS via useragent http header injection
No description provided by source. Exploit Title: JAKCMS 2.0 PRO RC5 stored XSS via useragent HTTP header Injection Date: 7-2-2011 Author: Saif El-Sherei Software Link: http://php.opensourcecms.com/scripts/redirect/download.php?id=480 Version: JAKCMS PRO 2.0 RC5 and probably earlier version Teste...
Edimax EW-7206-APg and EW-7209APg - Multiple Vulnerabilities
No description provided by source. Device Name: EW-7206APg / EW-7209APg Vendor: Edimax Vulnerable Firmware Releases: Device: EW-7206APg Hardware Version Rev. A Runtime Code Version v1.32 Runtime Code Version V1.33 Device: EW-7209APg Hardware Version Rev. A Runtime Code...
PHP 4.2.3 Header Function Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5669/info PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems. It has been reported that a vulnerability in the PHP header functi...
Mono <= 2.0 'System.Web' HTTP Header Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30867/info Mono is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be able to launch...
linux/x86 HTTP/1.x GET, Downloads and JMP - 68 bytes+
No description provided by source. linux/x86 HTTP/1.x GET, Downloads and JMP - 68 bytes+ This shellcode allows you to download a binary code straight off a standard HTTP server and execute it. The downloaded shellcode e.g. binary code will be executed on the stack. DEMONSTRATION: Starting by...
Oracle WebCenter Sites Satellite Server - HTTP Header Injection
No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20130417-2 title: HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server product: Oracle WebCenter Sites Satellite...
MemHT Portal 4.0.1 [user agent] Persistent Cross Site Scripting
No description provided by source. #!/usr/bin/perl MemHT Portal 4.0.1 Persistent Cross Site Scripting Vulnerability user agent by ZonTa - zontahackersatgmaildotcom After successful inject wait for the admin to view statistic page. Fix is available :...
Linksys WAP11 1.3/1.4,D-Link DI-804 4.68/Dl-704 2.56 b5 Embedded HTTP Server DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6090/info A denial of service vulnerability has been reported for several networking devices. The condition will be triggered when the embedded web server, used by the devices, receives an overly long HTTP header. An...
ManageEngine ServiceDesk Plus 8.0 - Multiple Stored XSS Vulnerabilities
No description provided by source. ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary: ServiceDesk Plus integrates your help desk requests and...
nginx 0.7.61 - WebDAV Directory Traversal
No description provided by source. Bug Title: nginx webdav copy/move method directory traversal Program: nginx Version: nginx/0.7.61 - other versions may also be affected Website: http://sysoev.ru/nginx/ Severity: Low Date discovered: 23 September 2009 The webdav component has to be enabled and t...
OSCommerce 2.2 Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7357/info osCommerce has been reported prone to authentication bypass vulnerability. It has been reported that osCommerce uses HTTP header information as a part of its authentication mechanism. Reportedly an attacker may...
fresh email script 1.0 - Multiple Vulnerabilities
No description provided by source. Fresh Email Script versions: 1.0 to 1.11 - all exploits: file inclusion & cookie manipulation founde...
AssetMan 2.5-b - SQL Injection using Session Fixation Attack
No description provided by source. AssetMan v2.5-b SQL Injection using Session Fixation Attack ...
ZenPhoto 1.4.0.3 x-forwarded-for HTTP Header presisitent XSS
No description provided by source. Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header presisitent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version: 1.4.0.3 latest updated 2011-4-19 Tested on:FF...
Wordpress MU < 2.7 'HOST' HTTP Header XSS Vulnerability
No description provided by source. INTERNET SECURITY AUDITORS ALERT 2009-004 - Original release date: December 3rd, 2008 - Last revised: March 10th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.3/10 CVSS scored...
Apple QuickTime 5.0 Content-Type Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4064/info Apple QuickTime is a freely available media player. It runs on a number of platforms including MacOS and Windows 9x/ME/NT/2000/XP operating systems. Apple QuickTime For Windows does not perform sufficient bounds...
Wordpress Comment Rating Plugin 2.9.32 - Multiple Vulnerabilities
No description provided by source. Exploit Title: Wordpress plugin: Comment Rating SQL injection Google Dork: Date: 21/02/2013 Exploit Author: ebanyu Url Author: www.ebanyu.com.ar Vendor Homepage: wealthynetizen.com Software Link: http://wealthynetizen.com/wordpress-plugin-comment-rating/ Version...
AN HTTPD CMDIS.DLL Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13066/info AN HTTPD is reported prone to a remote buffer overflow vulnerability. Specifically, the issue presents itself in 'cmdIS.DLL' which calls the 'GetEnvironmentStrings' function to copy environment variables into a...