3718 matches found
CVE-2013-2175
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdrip or other "hdr" functions with a negative occurrence count, allows remote attackers to cause a denial of service negative array index usage and crash via an HTTP header with a certain number of values, related to the...
cors_origin
Inspect if application check that the value of the "Origin" HTTP header is consistent with the value of the remote IP address/Host of the sender of the incoming HTTP request. Configurable parameters are: originheadervalue Note : This plugin is useful to test "Cross Origin Resource Sharing CORS"...
MiniUPnPd 1.0 - Remote Stack Buffer Overflow Remote Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'MiniUPnPd 1.0 Stack Buffer Overflow...
MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution
This module exploits the MiniUPnP 1.0 SOAP stack buffer overflow vulnerability present in the SOAPAction HTTP header handling. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MiniUPnPd 1.0 Stac...
RT: Request Tracker < 3.8.17 / 4.0.13 Multiple Vulnerabilities
Binary data 6841.prm...
FreeBSD : RT -- multiple vulnerabilities (3a429192-c36a-11e2-97a9-6805ca0b3d42)
Thomas Sibley reports : We discovered a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.17 and 4.0.13 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities...
[SECURITY] [DSA 2670-1] request-tracker3.8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2670-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 22, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2671-1 (request-tracker4 - several vulnerabilities)
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-4733 A user with the ModifyTicket right can bypass the DeleteTicket right or any custom...
Debian: Security Advisory (DSA-2670-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Denial of service
HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service infinite loop via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."...
Jojo CMS - x-forwarded-for HTTP header SQL Injection
Jojo CMS - x-forwarded-for HTTP header SQL Injection source: https://www.securityfocus.com/bid/59934/info Jojo CMS is prone to an SQL-injection vulnerability because it fails to sanitize user-supplied input. A successful exploit may allow an attacker to compromise the application, access or modif...
Open-Xchange Security Advisory 2013-04-17
Open-Xchange Security Advisory multiple vulnerabilities Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been provided...
Multiple Vulnerabilities in D'Link DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A
Device Name: DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A Vendor: D-Link ============ Device Description: ============ DIR-300: http://www.dlink.com/de/de/home-solutions/connect/routers/dir-300-wirele... DIR-615:...
D-Link DIR-615 / DIR-300 XSS / CSRF / Command Injection / Insecure Crypto
Device Name: DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A Vendor: D-Link ============ Device Description: ============ DIR-300: http://www.dlink.com/de/de/home-solutions/connect/routers/dir-300-wirele... DIR-615:...
DLink DIR-615 Hardware rev D3 / DIR-300 - Hardware rev A - Multiple Vulnerabilities
Exploit for hardware platform in category web applications Device Name: DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A Vendor: D-Link ============ Device Description: ============ DIR-300: http://www.dlink.com/de/de/home-solutions/connect/routers/dir-300-wirele... DIR-615:...
D-Link DIR-615 Rev D3 DIR-300 Rev A - Multiple Vulnerabilities
D-Link DIR-615 Rev D3 DIR-300 Rev A - Multiple Vulnerabilities Device Name: DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A Vendor: D-Link ============ Device Description: ============ DIR-300: http://www.dlink.com/de/de/home-solutions/connect/routers/dir-300-wirele... DIR-615:...
D-Link DIR-615 Rev D3 / DIR-300 Rev A - Multiple Vulnerabilities
Device Name: DIR-615 - Hardware revision D3 / DIR-300 - Hardware revision A Vendor: D-Link ============ Device Description: ============ DIR-300: http://www.dlink.com/de/de/home-solutions/connect/routers/dir-300-wirele... DIR-615:...
SEC Consult SA-20130417-2 :: HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server
SEC Consult Vulnerability Lab Security Advisory 20130417-2 ======================================================================= title: HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server product: Oracle WebCenter Sites Satellite Server former FatWire Satellite Serv...
Oracle WebCenter Sites Satellite Server - HTTP Header Injection
Exploit for windows platform in category web applications Vendor description: ------------------- FatWire Satellite Server is a predecessor product of Oracle WebCenter Sites Satellite Server. "Oracle WebCenter Sites Satellite Server enables organizations to deliver segmented, targeted, and...
Oracle WebCenter Sites Satellite Server - HTTP Header Injection
Oracle WebCenter Sites Satellite Server - HTTP Header Injection SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server product: Oracle WebCenter...