3716 matches found
CVE-2012-3350
SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...
Blind SQL Injection in Webmatic
Advisory ID: HTB23096 Product: Webmatic Vendor: valarsoft.com Vulnerable Versions: 3.1.1 and probably prior Tested Version: 3.1.1 Vendor Notification: 13 June 2012 Public Disclosure: 4 July 2012 Vulnerability Type: Blind SQL Injection CVE Reference: CVE-2012-3350 CVSSv2 Base Score: 7.5...
RedHat Update for httpd RHSA-2012:0128-01
Check for the Version of httpd OpenVAS Vulnerability Test RedHat Update for httpd RHSA-2012:0128-01 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
RedHat Update for httpd RHSA-2012:0128-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Webmatic 3.1.1 - Blind SQL Injection
Advisory ID: HTB23096 Product: Webmatic Vendor: valarsoft.com Vulnerable Versions: 3.1.1 and probably prior Tested Version: 3.1.1 Vendor Notification: 13 June 2012 Public Disclosure: 4 July 2012 Vulnerability Type: Blind SQL Injection CVE Reference: CVE-2012-3350 CVSSv2 Base Score: 7.5...
CVE-2012-3828
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header...
CVE-2012-3829
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header...
CVE-2012-3828
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header...
CVE-2012-3829
Affected product: Joomla! 2.5.3. Vulnerability: exposes the installation path to remote attackers via the Host HTTP header, enabling information disclosure. Root cause: improper handling of the Host header leading to path disclosure. Impact: partial confidentiality breach (installation path expos...
CVE-2012-3828
CVE-2012-3828 affects Joomla! 2.5.3 with a cross-site scripting (XSS) vulnerability exploitable via the Host HTTP Header, allowing remote script/HTML injection. Root cause described as insufficient validation of the Host header. Impact is client-side script execution potential; no explicit exploi...
CVE-2011-4940
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS)...
CVE-2011-4940
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS)...
GLSA-201203-22 : nginx: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201203-22 (nginx: Multiple vulnerabilities) Multiple vulnerabilities have been found in nginx: The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555). The 'ngx_http_process_request_headers' function in...
Blind SQL Injection in Webmatic
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Webmatic, which can be exploited to perform Blind SQL Injection attacks. 1 Blind SQL Injection in Webmatic: CVE-2012-3350 1.1 Input passed via the "Referer:" field of the HTTP header to index.php is not properly sanitised...
Fedora 17 : python-tornado-2.2.1-1.fc17 (2012-8194)
Update to 2.2.1 which fixes an HTTP header injection vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 16 : python-tornado-2.2.1-1.fc16 (2012-8217)
Update to 2.2.1 which fixes an HTTP header injection vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 15 : python-tornado-2.2.1-1.fc15 (2012-8205)
Update to 2.2.1 which fixes an HTTP header injection vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Yamamah 1.1.0 Database Disclosure
Author : L3b-r1'z Title : Yamamah Database backup Download Date : 5/27/2012 Email : [email protected] Site : Sec4Ever.com & Exploit4arab.com Google Dork : allintext: "Copyright © 2010 All rights reserved. Powered By : Yamamah Version 1.1.0" Version : 1.1.0...
http-traceroute NSE Script
Exploits the Max-Forwards HTTP header to detect the presence of reverse proxies. The script works by sending HTTP requests with values of the Max-Forwards HTTP header varying from 0 to 2 and checking for any anomalies in certain response values such as the status code, Server, Content-Type and...