
3715 matches found

Exploit DB
added 2011/06/13 12:0 a.m. | 225 views

Oracle HTTP Server - Cross-Site Scripting Header Injection

Oracle HTTP Server XSS Header Injection. Attack Pattern ID: CAPEC-86. CWE ID: CI-79...

CVSS 4.3 | AI score 7 | EPSS 0.93313
Exploits: 7

myhack58
added 2011/06/09 12:0 a.m. | 25 views

The pictures verify the vulnerability of the social worker use-vulnerability warning-the black bar safety net

Text/meal HTTP request: GET /iai.php HTTP/1.1 indicates that the request method is GET, the request address, and the HTTP Protocol version Accept: / indicates that the client can identify the content type of list,/represent all types Accept-Language: zh-cn indicates that the client can understand...

AI score 6.9
Exploits: 0

NVD
added 2011/05/20 10:55 p.m. | 14 views

CVE-2011-2149

Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to 1 Admin/frmSite.aspx, 2 Default.aspx, 3 Services/SiteAdmin.asmx, or 4 Client/frmViewReports.aspx; certain cookies to 5...

CVSS 7.5 | AI score 8.5 | EPSS 0.0235
Exploits: 0 | References: 4

Prion
added 2011/05/20 10:55 p.m. | 11 views

Sql injection

Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to 1 Admin/frmSite.aspx, 2 Default.aspx, 3 Services/SiteAdmin.asmx, or 4 Client/frmViewReports.aspx; certain cookies to 5...

CVSS 7.5 | AI score 9.2 | EPSS 0.0235
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2011/05/20 10:0 p.m. | 22 views

CVE-2011-2149

Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to 1 Admin/frmSite.aspx, 2 Default.aspx, 3 Services/SiteAdmin.asmx, or 4 Client/frmViewReports.aspx; certain cookies to 5...

AI score 8.5 | EPSS 0.0235
Exploits: 0 | References: 4

RedHat Linux
added 2011/05/19 11:16 a.m. | 3 views

perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting

CRLF injection vulnerability in the header function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline...

CVSS 4.3 | AI score 7.5 | EPSS 0.02713
Exploits: 0 | References: 4

Packet Storm
added 2011/05/05 12:0 a.m. | 38 views

SPlayer 3.7 Buffer Overflow

!/usr/bin/python Exploit Title: SPlayer Software Link: http://www.splayer.org/index.en.html Versions: URL ctrl+u ... 3. Input the server URL and Click OK ... 4. Boom!/calc ... Method 2: 1. Execute this script ... 2. Launch SPlayer and click Open ctrl+o ... 3. Browse to any playlist file m3u, pls ...

AI score 0.5
Exploits: 0

Tenable Nessus
added 2011/05/05 12:0 a.m. | 28 views

openSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0020-1)

A HTTP header injection attack was fixed in perl-CGI-Simple. CVE-2010-2761 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update perl-CGI-Simple-3785. The text...

CVSS 4.3 | AI score 9.1 | EPSS 0.02713
Exploits: 0 | References: 4

exploitpack
added 2011/05/04 12:0 a.m. | 14 views

SPlayer 3.7 (build 2055) - Remote Buffer Overflow

SPlayer 3.7 build 2055 - Remote Buffer Overflow !/usr/bin/python Exploit Title: SPlayer Software Link: http://www.splayer.org/index.en.html Versions: URL ctrl+u ... 3. Input the server URL and Click OK ... 4. Boom!/calc ... Method 2: 1. Execute this script ... 2. Launch SPlayer and click Open...

AI score 0.4
Exploits: 0

0day.today
added 2011/05/04 12:0 a.m. | 19 views

SPlayer <= 3.7 (build 2055) Buffer Overflow Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: SPlayer Software Link: http://www.splayer.org/index.en.html Versions: URL ctrl+u ... 3. Input the server URL and Click OK ... 4. Boom!/calc ... Method 2: 1. Execute this script ... 2. Launch SPlayer and click...

AI score 7.1
Exploits: 0

Exploit DB
added 2011/05/04 12:0 a.m. | 34 views

SPlayer 3.7 (build 2055) - Remote Buffer Overflow

!/usr/bin/python Exploit Title: SPlayer Software Link: http://www.splayer.org/index.en.html Versions: URL ctrl+u ... 3. Input the server URL and Click OK ... 4. Boom!/calc ... Method 2: 1. Execute this script ... 2. Launch SPlayer and click Open ctrl+o ... 3. Browse to any playlist file m3u, pls ...

AI score 7.4
Exploits: 0

0day.today
added 2011/04/23 12:0 a.m. | 234 views

ZenPhoto 1.4.0.3 x-forwarded-for HTTP Header presisitent XSS

Exploit for php platform in category web applications Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header presisitent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version: 1.4.0.3 latest updated...

AI score 7.1
Exploits: 0

Packet Storm
added 2011/04/22 12:0 a.m. | 28 views

ZenPhoto 1.4.0.3 Cross Site Scripting

Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header presisitent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version: 1.4.0.3 latest updated 2011-4-19 Tested on:FF 3.0.15, IE 8 Info: Zenphoto is an...

AI score 7.4
Exploits: 0

exploitpack
added 2011/04/22 12:0 a.m. | 9 views

ZenPhoto 1.4.0.3 - x-forwarded-for HTTP Header Persistent Cross-Site Scripting

ZenPhoto 1.4.0.3 - x-forwarded-for HTTP Header Persistent Cross-Site Scripting Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header presisitent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version:...

AI score 6.8
Exploits: 0

Exploit DB
added 2011/04/22 12:0 a.m. | 30 views

ZenPhoto 1.4.0.3 - x-forwarded-for HTTP Header Persistent Cross-Site Scripting

Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header presisitent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version: 1.4.0.3 latest updated 2011-4-19 Tested on:FF 3.0.15, IE 8 Info: Zenphoto is an...

AI score 7
Exploits: 0

NVD
added 2011/04/04 12:27 p.m. | 34 views

CVE-2010-4235

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header...

CVSS 10 | AI score 7.5 | EPSS 0.04145
Exploits: 1 | References: 2

Prion
added 2011/04/04 12:27 p.m. | 23 views

Format string

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header...

CVSS 10 | AI score 8.2 | EPSS 0.04145
Exploits: 1 | References: 2 | Affected Software: 2

Cvelist
added 2011/04/01 9:0 p.m. | 40 views

CVE-2010-4235

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header...

AI score 7.5 | EPSS 0.04145
Exploits: 1 | References: 2

OpenVAS
added 2011/03/22 12:0 a.m. | 28 views

Ruby on Rails Logfile Injection Vulnerability (Mar 2011)

Ruby on Rails is prone to a file injection vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rubyonrails:rails";...

CVSS 4.3 | AI score 7 | EPSS 0.06661
Exploits: 1 | References: 4

OpenVAS
added 2011/03/05 12:0 a.m. | 31 views

FreeBSD Ports: bugzilla

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3 | AI score 8.9 | EPSS 0.0504
Exploits: 0 | References: 14