
3715 matches found

NVD
added 2010/10/28 12:0 a.m., 21 views

CVE-2010-3842

Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header...

CVSS 5.8, AI score 6.7, EPSS 0.017
Exploits: 0, References: 7

Prion
added 2010/10/28 12:0 a.m., 14 views

Path traversal

Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header...

CVSS 5.8, AI score 7.3, EPSS 0.017
Exploits: 0, References: 7, Affected Software: 1

CVE
added 2010/10/27 10:0 p.m., 51 views

CVE-2010-3842

CVE-2010-3842 affects the curl command-line tool, specifically versions 7.20.0 through 7.21.1. The root cause is improper handling of backslashes as directory separators in the Content-Disposition header when using --remote-header-name (-J). This allows a remote server to cause the client to writ...

CVSS 5.8, AI score 7, EPSS 0.017
Exploits: 0, References: 7, Affected Software: 1

Debian CVE
added 2010/10/27 10:0 p.m., 30 views

CVE-2010-3842

Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header...

CVSS 5.8, AI score 6.7, EPSS 0.017
Exploits: 0

exploitpack
added 2010/10/20 12:0 a.m., 27 views

Oracle Sun Java System Web Server - HTTP Response Splitting

Oracle Sun Java System Web Server - HTTP Response Splitting Description Security-Assessment.com discovered that it is possible to successfully perform an HTTP Response Splitting attack against applications served by Sun Java System Web Server. The vulnerability can be exploited if user supplied inpu...

AI score 7.4
Exploits: 0

myhack58
added 2010/09/15 12:0 a.m., 17 views

ecshop advertising call page message header is written into the storms path-vulnerability warning-the black bar safety net

/affiche.php,php5 environmental error exposure program path, php4 environment to display the written information the charset parameter is not to do rigorous filtration result in an http message header truncated written...

AI score 0.8
Exploits: 0

securityvulns
added 2010/09/11 12:0 a.m., 50 views

[DCA-00015] YOPS Web Server Remote Command Execution

DCA-00015 Software - YOPS Your Open Personal WEB Server Vendor Product Description - YOPS Your Own Personal WEB Server is a small SEDA-like HTTP server for Linux OS written in C. There are 7 stages accept, parse, launch, fetch, error, send and log, and pipes are used as interstage channels. Bug...

AI score 0.1
Exploits: 0

Exploit DB
added 2010/08/15 12:0 a.m., 27 views

CMSQLite 1.2 / CMySQLite 1.3.1 - Remote Code Execution

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Natural Killer "; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n";...

AI score 7.4
Exploits: 0

OpenVAS
added 2010/08/06 12:0 a.m., 25 views

RedHat Update for lftp RHSA-2010:0585-01

Check for the Version of lftp OpenVAS Vulnerability Test RedHat Update for lftp RHSA-2010:0585-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

CVSS 7.5, AI score 9.2, EPSS 0.03629
Exploits: 0, References: 2

Tenable Nessus
added 2010/07/27 12:0 a.m., 43 views

Ubuntu 9.04 / 9.10 : firefox, firefox-3.0, xulrunner-1.9.2 vulnerability (USN-930-6)

USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browse...

CVSS 10, AI score 8.9, EPSS 0.11418
Exploits: 14, References: 14

RedHat Linux
added 2010/07/21 1:18 a.m., 37 views

Critical: Red Hat Security Advisory: thunderbird security update

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity rating...

CVSS 10, AI score 7.4, EPSS 0.43382
Exploits: 21, References: 14

securityvulns
added 2010/07/15 12:0 a.m., 116 views

CVE-2010-2375: WebLogic Plugin HTTP Injection via Encoded URLs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs Release Date: 2010-07-13 Application: WebLogic Plugin...

CVSS 6.4, AI score 5.8, EPSS 0.06509
Exploits: 1

Packet Storm
added 2010/07/03 12:0 a.m., 76 views

Multiple Cisco CSS / ACE Client Certificate And HTTP Header Manipulation Vulnerabilities

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities Release Date: 2010-07-02 Application:...

CVSS 7.5, AI score 0.1, EPSS 0.01834
Exploits: 3

OpenVAS
added 2010/07/02 12:0 a.m., 32 views

Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-930-1

Ubuntu Update for Linux kernel vulnerabilities USN-930-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9301.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-930-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

CVSS 10, AI score 1.3, EPSS 0.11418
Exploits: 8, References: 2

OpenVAS
added 2010/07/02 12:0 a.m., 37 views

Ubuntu Update for firefox regression USN-930-3

Ubuntu Update for Linux kernel vulnerabilities USN-930-3 OpenVAS Vulnerability Test $Id: gbubuntuUSN9303.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for firefox regression USN-930-3 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

CVSS 10, AI score 1, EPSS 0.11418
Exploits: 8, References: 2

CVE
added 2010/06/29 6:0 p.m., 48 views

CVE-2008-7257

Cisco ASA WebVPN (WebVPN on ASA) is affected by a CRLF injection/HTTP response splitting vulnerability tracked as CVE-2008-7257. The flaw occurs in +webvpn+/index.html for ASA 5580-series devices with software before 8.1(2). An attacker can craft a URL containing %0d%0a sequences to inject arbitr...

CVSS 4.3, AI score 7.1, EPSS 0.11567
Exploits: 2, References: 6, Affected Software: 1

Prion
added 2010/06/28 6:30 p.m., 16 views

Design/Logic Flaw

Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066...

CVSS 6, AI score 6.3, EPSS 0.00867
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2010/06/28 6:6 p.m., 35 views

CVE-2010-2504

Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066...

AI score 5.8, EPSS 0.00867
Exploits: 0, References: 1

CVE
added 2010/06/28 6:6 p.m., 47 views

CVE-2010-2504

CVE-2010-2504 affects Splunk 4.0–4.0.10 and 4.1–4.1.1. The issue is HTTP header injection that allows remote authenticated users to obtain sensitive information (SPL-31066). Root cause details beyond “HTTP header injection” are not provided in the connected documents. Impact is noted as exposure ...

CVSS 6, AI score 6, EPSS 0.00867
Exploits: 0, References: 1, Affected Software: 1

Packet Storm
added 2010/06/25 12:0 a.m., 25 views

Apache Axis 1.5 Session Fixation

===== Tempest Security Intelligence - Advisory 02 / 2010 =========== Vulnerability = 'Apache Axis Session Fixation Vulnerability' Authors = 'Tiago Ferreira ' 'Leandro Oliveira ' ======== Table of Contents =========================================== 1. Overview 2. Detailed description 3. Other...

AI score 7.4
Exploits: 0