3716 matches found

NVD
added 2012/09/19 7:55 p.m. | 12 views

CVE-2012-4999

Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service (service hang) via a crafted string in HTTP header fields such as (1) If-Modified-Since, (2) If-None-Match, or (3) If-Unmodified-Since. NOTE: some of these details are obtained from third party...

6.1 CVSS | 6.6 AI score | 0.06558 EPSS
Exploits: 1 | References: 4
CVE
added 2012/09/19 7:0 p.m. | 43 views

CVE-2012-4999

The vulnerability CVE-2012-4999 affects Mercury MR804 Router firmware (version 8.0 3.8.1 Build 101220 Rel.53006nB). The issue arises from how HTTP header fields (notably If-Modified-Since, If-None-Match, and If-Unmodified-Since) are processed, allowing remote attackers to cause a denial of servic...

6.1 CVSS | 6.8 AI score | 0.06558 EPSS
Exploits: 1 | References: 4 | Affected Software: 2
Cvelist
added 2012/09/19 7:0 p.m. | 17 views

CVE-2012-4999

Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service (service hang) via a crafted string in HTTP header fields such as (1) If-Modified-Since, (2) If-None-Match, or (3) If-Unmodified-Since. NOTE: some of these details are obtained from third party...

6.6 AI score | 0.06558 EPSS
Exploits: 1 | References: 4
Prion
added 2012/09/19 10:57 a.m. | 19 views

Integer overflow

Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a...

10 CVSS | 8.6 AI score | 0.17091 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Prion
added 2012/09/18 2:55 p.m. | 20 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header...

4.3 CVSS | 6 AI score | 0.02142 EPSS
Exploits: 0 | References: 3 | Affected Software: 2
CVE
added 2012/09/05 8:0 p.m. | 530 views

CVE-2011-4451

WikkaWiki 1.3.1 and 1.3.2 are affected by a remote PHP code injection vulnerability in the spam-logging path when spam_logging is enabled. The issue allows an attacker to supply PHP code via the User-Agent header in addcomment requests to write to the spamlog_path file. Vendor disputes this issue...

4.3 CVSS | 7.1 AI score | 0.13477 EPSS
Exploits: 8 | References: 1 | Affected Software: 1
OpenVAS
added 2012/08/30 12:0 a.m. | 15 views

Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities

Ad Manager Pro is prone to multiple SQL injection and cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

7 AI score
Exploits: 0 | References: 5
Exploit DB
added 2012/08/24 12:0 a.m. | 38 views

Ad Manager Pro - Multiple Vulnerabilities

Ad Manager Pro Bug discovered by Yakir Wizman Date 24/08/2012 Vendor Homepage - http://www.phpwebscripts.com/ad-manager-pro/ Demo - http://www.scripts-demo.com/admanagerpro/ ISRAEL...

7.4 AI score
Exploits: 0
OSV
added 2012/08/13 11:55 p.m. | 8 views

CVE-2012-2330

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...

6.4 AI score
Exploits: 0 | References: 9
OwnCloud
added 2012/08/10 5:9 p.m. | 52 views

HTTP header injection - ownCloud

A header injection vulnerability in ownCloud before 4.0.8 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the HTTP URL path parameter to index.php. Affected Software: ownCloud Server 4.0.8 CVE-2012-5057 Action Taken: It is...

4.3 CVSS | 6.6 AI score | 0.01022 EPSS
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2012/08/01 12:0 a.m. | 43 views

Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20120213)

The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 released in a previous update did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker b...

4.6 CVSS | 8.1 AI score | 0.82756 EPSS
Exploits: 13 | References: 6
Tenable Nessus
added 2012/08/01 12:0 a.m. | 42 views

Scientific Linux Security Update : httpd on SL6.x i386/x86_64

The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy fla...

7.8 CVSS | 7.5 AI score | 0.98945 EPSS
Exploits: 30 | References: 3
Tenable Nessus
added 2012/08/01 12:0 a.m. | 58 views

Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1200) A flaw was found in the way browser plug-ins interac...

9.3 CVSS | 8.9 AI score | 0.11418 EPSS
Exploits: 6 | References: 6
Tenable Nessus
added 2012/08/01 12:0 a.m. | 36 views

Scientific Linux Security Update : firefox on SL5.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203) A flaw was...

10 CVSS | 9 AI score | 0.11418 EPSS
Exploits: 7 | References: 12
Tenable Nessus
added 2012/08/01 12:0 a.m. | 35 views

Scientific Linux Security Update : firefox on SL4.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203) A flaw was...

10 CVSS | 8.9 AI score | 0.11418 EPSS
Exploits: 7 | References: 12
OpenVAS
added 2012/07/30 12:0 a.m. | 39 views

CentOS Update for httpd CESA-2011:1392 centos4 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.8 CVSS | 8.1 AI score | 0.98945 EPSS
Exploits: 28 | References: 2
OpenVAS
added 2012/07/27 12:0 a.m. | 29 views

Null HTTPd Server Content-Length HTTP Header Buffer Overflow Vulnerability

Null HTTPd Server is prone to a heap-based buffer overflow vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.2 AI score | 0.22527 EPSS
Exploits: 1 | References: 3
CVE
added 2012/07/20 10:0 a.m. | 54 views

CVE-2011-4586

CRLF injection vulnerability (HTTP header injection/response splitting) in Moodle Calendar subsystem via calendar/set.php affects Moodle 1.9.x <1.9.15, 2.0.x <2.0.6, and 2.1.x

5 CVSS | 6.8 AI score | 0.02102 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2012/07/12 9:55 p.m. | 32 views

CVE-2012-3350

SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...

6.8 CVSS | 8.2 AI score | 0.02925 EPSS
Exploits: 6 | References: 6
Prion
added 2012/07/12 9:55 p.m. | 16 views

SQL injection

SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...

6.8 CVSS | 8.9 AI score | 0.02925 EPSS
Exploits: 6 | References: 6 | Affected Software: 1