
3716 matches found

Cvelist
added 2012/01/27 12:0 a.m., 21 views

CVE-2012-0807

Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long...

7.7 AI score, 0.03511 EPSS
Exploits: 1, References: 9
Packet Storm
added 2012/01/23 12:0 a.m., 19 views

miniCMS 1.0 / 2.0 Code Execution

Title : miniCMS v1.0 : v2.0 php inject code Author : Or4nG.M4n Version : all version GDork : "This site is managed using MiniCMS©" Download : http://sourceforge.net/projects/mini-cms/files/mini-cms/ Thnks : +----------------------------------+ | xSs m4n i-Hmx h311 c0d3 | sp. Cyb3r-Crystal |...

Exploits: 0
0day.today
added 2012/01/22 12:0 a.m., 13 views

miniCMS v1.0 / v2.0 php injection

Exploit for php platform in category web applications Title : miniCMS v1.0 : v2.0 php inject code Author : Or4nG.M4n Version : all version GDork : "This site is managed using MiniCMS©" Download : http://sourceforge.net/projects/mini-cms/files/mini-cms/ Thnks : +----------------------------------+...

7.1 AI score
Exploits: 0
Exploit DB
added 2012/01/22 12:0 a.m., 29 views

MiniCMS 1.0/2.0 - PHP Code Injection

Title : miniCMS v1.0 : v2.0 php inject code Author : Or4nG.M4n Version : all version GDork : "This site is managed using MiniCMS©" Download : http://sourceforge.net/projects/mini-cms/files/mini-cms/ Thnks : +----------------------------------+ | xSs m4n i-Hmx h311 c0d3 | sp. Cyb3r-Crystal |...

7.4 AI score
Exploits: 0
NVD
added 2012/01/19 4:1 a.m., 22 views

CVE-2011-3375

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by readin...

5 CVSS, 5.2 AI score, 0.06694 EPSS
Exploits: 2, References: 3
Prion
added 2012/01/19 4:1 a.m., 24 views

Design/Logic Flaw

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by readin...

5 CVSS, 6.5 AI score, 0.06694 EPSS
Exploits: 2, References: 3, Affected Software: 1
CVE
added 2012/01/19 2:0 a.m., 117 views

CVE-2011-3375

CVE-2011-3375 affects Apache Tomcat 6.0.30–6.0.33 and 7.x before 7.0.22. The root cause is improper caching/recycling of request objects, which can allow remote attackers to read IP addresses and HTTP header information by reading TCP data. The impact is information disclosure of request metadata...

5 CVSS, 3.9 AI score, 0.06694 EPSS
Exploits: 2, References: 3, Affected Software: 1
Debian CVE
added 2012/01/19 2:0 a.m., 27 views

CVE-2011-3375

Removed by vendor...

5 CVSS, 4.9 AI score, 0.06694 EPSS
Exploits: 2
UbuntuCve
added 2012/01/18 12:0 a.m., 36 views

CVE-2011-3375

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by readin...

5 CVSS, 6.3 AI score, 0.06694 EPSS
Exploits: 2, References: 6
CVE
added 2011/12/16 11:0 a.m., 41 views

CVE-2011-4854

The CVE-2011-4854 issue affects Parallels Plesk Panel 10.4.4_build20111103.18: the Control Panel does not ensure that Content-Type HTTP headers match the Content-Type data in HTML META elements, potentially allowing remote attackers to trigger an interpretation conflict involving get_enabled_prod...

9.3 CVSS, 6.7 AI score, 0.01763 EPSS
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2011/12/12 12:0 a.m., 67 views

Apache Tomcat 7.0.0 < 7.0.22 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.22. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.22_security-7 advisory. - Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching an...

5 CVSS, 5.7 AI score, 0.06694 EPSS
Exploits: 3, References: 5
Prion
added 2011/12/08 7:55 p.m., 14 views

Sql injection

Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI...

7.5 CVSS, 9.2 AI score, 0.01714 EPSS
Exploits: 1, References: 1, Affected Software: 1
RedHat Linux
added 2011/12/08 6:56 p.m., 3 views

perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline...

4.3 CVSS, 7.5 AI score, 0.02713 EPSS
Exploits: 0, References: 4
Prion
added 2011/11/28 9:55 p.m., 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist...

4.3 CVSS, 6.1 AI score, 0.02483 EPSS
Exploits: 1, References: 8, Affected Software: 1
Cvelist
added 2011/11/28 9:0 p.m., 21 views

CVE-2011-4562

Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist...

6.2 AI score, 0.02483 EPSS
Exploits: 1, References: 8
Patchstack
added 2011/11/28 12:0 a.m., 17 views

WordPress Redirection Plugin <= 2.2.9 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist. Solution: Update the plugin...

4.3 CVSS, 2.3 AI score, 0.02483 EPSS
Exploits: 1, References: 1, Affected Software: 1
OpenVAS
added 2011/11/11 12:0 a.m., 46 views

Mandriva Update for apache MDVSA-2011:168 (apache)

Check for the Version of apache OpenVAS Vulnerability Test Mandriva Update for apache MDVSA-2011:168 (apache) Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

7.8 CVSS, 0.2 AI score, 0.98945 EPSS
Exploits: 19, References: 2
Tenable Nessus
added 2011/11/10 12:0 a.m., 59 views

Mandriva Linux Security Advisory : apache (MDVSA-2011:168)

A vulnerability has been discovered and corrected in apache : The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary error state in the backend server) via a malformed...

7.8 CVSS, 7.4 AI score, 0.98945 EPSS
Exploits: 19, References: 2
Exploit DB
added 2011/11/08 12:0 a.m., 25 views

11in1 CMS 1.0.1 - 'do.php' CRLF Injection

11in1 CMS v1.0.1 do.php CRLF Injection Vulnerability Vendor: 11in1 Product web page: http://www.11in1.org Affected version: 1.0.1 Summary: Eleven in One is an open-source content management system (CMS) that is powered by PHP and MySQL. It does not only help you manage your personal blog but also...

7 AI score
Exploits: 0
FreeBSD
added 2011/11/06 12:0 a.m., 32 views

php5 -- header splitting attack via carriage-return character

Rui Hirokawa reports: As of PHP 5.1.2, header() can no longer be used to send multiple response headers in a single call to prevent the HTTP Response Splitting Attack. header() only checks the linefeed (LF, 0x0A) as line-end marker, it doesn't check the carriage-return (CR, 0x0D). However, some browsers...

4.3 CVSS, 1 AI score, 0.10173 EPSS
Exploits: 0, References: 1