3718 matches found
Google Chrome 0.2.149 Malformed 'view-source' HTTP Header Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31035/info Google Chrome is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted HTTP 'view-source' headers. Attackers can exploit this issue to crash the affected...
Liferay Enterprise Portal 4.3.6 User-Agent HTTP Header Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27547/info Liferay Enterprise Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
CVE-2013-3843
Stack-based buffer overflow in the mkrequestheaderprocess function in mkrequest.c in Monkey HTTP Daemon monkeyd before 1.2.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTTP header...
CVE-2013-2163
Monkey HTTP Daemon monkeyd before 1.2.2 allows remote attackers to cause a denial of service infinite loop via an offset equal to the file size in the Range HTTP header...
CVE-2013-3843
Stack-based buffer overflow in the mkrequestheaderprocess function in mkrequest.c in Monkey HTTP Daemon monkeyd before 1.2.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTTP header...
Stack overflow
Stack-based buffer overflow in the mkrequestheaderprocess function in mkrequest.c in Monkey HTTP Daemon monkeyd before 1.2.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTTP header...
CVE-2013-2163
Monkey HTTP Daemon monkeyd before 1.2.2 allows remote attackers to cause a denial of service infinite loop via an offset equal to the file size in the Range HTTP header...
CVE-2013-2163
Monkey HTTP Daemon monkeyd before 1.2.2 allows remote attackers to cause a denial of service infinite loop via an offset equal to the file size in the Range HTTP header...
CVE-2013-3843
Stack-based buffer overflow in the mkrequestheaderprocess function in mkrequest.c in Monkey HTTP Daemon monkeyd before 1.2.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTTP header...
openSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0020-1)
A HTTP header injection attack was fixed in perl-CGI-Simple. CVE-2010-2761 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update perl-CGI-Simple-3785. The text...
openSUSE Security Update : php5 (openSUSE-SU-2012:1169-1)
php5 was updated to fix two security issues : - use FilesMatch with 'SetHandler' rather than 'AddHandler' bnc775852 Since this update just hardens a configuration to protect weakly designed web applications, there was no CVE assigned. - A HTTP header Carriage-Return injection flaw was fixed...
CVE-2013-3081
SQL injection vulnerability in the checkEmailFormat function in plugins/jojocore/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/...
Sql injection
SQL injection vulnerability in the checkEmailFormat function in plugins/jojocore/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/...
PHPBTTracker+ 2.2 SQL Injection
Exploit Title: PHPBTTracker+ 2.2 SQL Injection Date: May 13th, 2014 Exploit Author: BackBox Team Vendor Homepage: http://phpbttrkplus.sourceforge.net/ Software Link: http://sourceforge.net/projects/phpbttrkplus/files/ Version: PHPBTTracker+ 2.2 Tested on: PHP 5.4.27, Apache 2.4.9, MySQL = 5.0.0...
CVE-2012-5877
Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service NULL pointer dereference and crash via an HTTP header without a name...
CVE-2012-5877
CVE-2012-5877 concerns Nero MediaHome Server (Product: Nero MediaHome, vulnerable through NMMediaServer.dll) with versions up to 4.5.8.0. The available documents describe a denial-of-service via malformed HTTP handling, notably a NULL pointer dereference triggered by ill-formed HTTP headers (e.g....
CVE-2012-5877
Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service NULL pointer dereference and crash via an HTTP header without a name...
phpnuke 8.3 Sql Injection Vulnerability
Exploit for php platform in category web applications author : ali ahmady -- Iranian security researcher email : snip3rirathotmail.com greets : b0x , PhantomX , VIRkid , email protected , zeus REKCAH , milad22 google dork : inurl: modules.php?name=SubmitNews at post review level you can inject...
tomcat -- multiple vulnerabilities
Tomcat Security Team reports: Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...
Secret: Content Sniffing not disabled
URL :- https://www.secret.ly/ Issue description :- There was no "X-Content-Type-Options" HTTP header with the value nosniff set in the response. The lack of this header causes that certain browsers, try to determine the content type and encoding of the response even when these properties are...