CVE-2009-1697

Removed by vendor...

LogMeIn 4.0.784 - cfgadvanced.html HTTP Header Injection

LogMeIn 4.0.784 - cfgadvanced.html HTTP Header Injection source: https://www.securityfocus.com/bid/35236/info LogMeIn is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP...

LogMeIn 4.0.784 - 'cfgadvanced.html' HTTP Header Injection

source: https://www.securityfocus.com/bid/35236/info LogMeIn is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be able to launch various attacks,...

Cross site scripting

Cross-site scripting XSS vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...

Crlf injection

CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter...

FreeBSD : cups -- remote code execution and DNS rebinding (736e55bc-39bb-11de-a493-001b77d09812)

Gentoo security team summarizes : The following issues were reported in CUPS : - iDefense reported an integer overflow in the cupsImageReadTIFF function in the 'imagetops' filter, leading to a heap-based buffer overflow CVE-2009-0163. - Aaron Siegel of Apple Product Security reported that the CUP...

cups -- remote code execution and DNS rebinding

Gentoo security team summarizes: The following issues were reported in CUPS: iDefense reported an integer overflow in the cupsImageReadTIFF function in the "imagetops" filter, leading to a heap-based buffer overflow CVE-2009-0163. Aaron Siegel of Apple Product Security reported that the CUPS web...

GLSA-200904-20 : CUPS: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200904-20 CUPS: Multiple vulnerabilities The following issues were reported in CUPS: iDefense reported an integer overflow in the cupsImageReadTIFF function in the 'imagetops' filter, leading to a heap-based buffer overflow...

JVN#28020230 Web Mailer from CGI RESCUE vulnerable to HTTP header injection

Web Mailer from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. Web Mailer contains a HTTP header injection vulnerability. Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response...

Mozilla Foundation Security Advisory 2009-16

Mozilla Foundation Security Advisory 2009-16 Title: jar: scheme ignores the content-disposition: header on the inner URI Impact: Moderate Announced: April 21, 2009 Reporter: Daniel Veditz Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Description Mozilla developer Daniel Veditz...

Cross site scripting

Cross-site scripting XSS vulnerability in Ultimate PHP Board UPB 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header...

Squid 2.7 / 3.0 Information Disclosure Vulnerability

According to its version number, the remote version of Squid is prone to an information disclosure vulnerability related to the interpretation of the Host HTTP header. Specifically, this issue occurs when the proxy makes a forwarding decision based on the Host HTTP header instead of the destinati...

X10media Mp3 Search Engine 1.6.2 - Admin Access

X10media Mp3 Search Engine 1.6.2 - Admin Access THUNDER Product: X10media Mp3 Search Engine v1.x Admin Access Vulnerability Author : THUNDER File : admin/admin.php Vulnerable Code / User not an administrator, redirect to main page automatically. / if!$session-isAdmin header"Location: ../main.php"...

Sql injection

SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header $SERVER'HTTPUSERAGENT'...

CVE-2009-1227

NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long 1 Authorization or 2 Referer HTTP header to TCP port 18624...

Cross site scripting

Cross-site scripting XSS vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances ASA 5520 with software 7.2430 and earlier 7.2 versions including 7.2222, and 8.0428 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject...

Check Point Firewall-1 PKI Web Service buffer overflow

Multiple buffer overflows on HTTP headers parsing...

Heap overflow

Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header...

CVE-2009-0840

Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header...

CVE-2009-0840

CVE-2009-0840 affects MapServer’s mapserv CGI: a heap-based buffer overflow can be triggered by a crafted Content-Length header, enabling remote code execution. Impacted are MapServer 4.x up to 4.10.4 and 5.x up to 5.2.2. Debian/OSS advisories note an incomplete fix also affecting CVE-2009-2281 a...