Lucene search

3714 matches found

Prion
added 2009/02/26 4:17 p.m. | 9 views

Heap overflow

Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function."...

CVSS 5 | AI score 7.2 | EPSS 0.01477
Exploits 0 | References 7 | Affected Software 1

CVE
added 2009/02/26 4:0 p.m. | 41 views

CVE-2008-6298

CVE-2008-6298 concerns sISAPILocation (ISAPI filter for IIS) prior to 1.0.2.2. The vulnerability enables bypass of the HTTP header rewrite function, potentially bypassing configuration controls for character encoding and the cookie secure flag. Root cause is described as an issue in the sISAPILoc...

CVSS 5 | AI score 6.9 | EPSS 0.01477
Exploits 0 | References 7 | Affected Software 1

Cvelist
added 2009/02/26 4:0 p.m. | 27 views

CVE-2008-6298

Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function."...

AI score 6.7 | EPSS 0.01477
Exploits 0 | References 7

FreeBSD
added 2009/02/23 12:0 a.m. | 37 views

ziproxy -- multiple vulnerability

Ziproxy Developers reports: Multiple HTTP proxy implementations are prone to an information-disclosure vulnerability related to the interpretation of the 'Host' HTTP header. Specifically, this issue occurs when the proxy makes a forwarding decision based on the 'Host' HTTP header instead of the...

CVSS 5.4 | AI score 6.2 | EPSS 0.02376
Exploits 0 | References 1

myhack58
added 2009/02/08 12:0 a.m. | 13 views

Next injection protection cross-site scripting request spoofing(CSRF)-vulnerability warning-the black bar safety net

Author: superhei, source: ph4nt0m.org. CSRF (Cross-site Request Forgery, cross-site request cheat) in the past year nn2always fire, however, CSRF is very difficult to completely prevent, following some of my Bypass Preventingside note CSRF tricks...... CSRF (Cross-site Request Forgery, cross-site request che...

AI score 7.3
Exploits 0

exploitpack
added 2009/01/25 12:0 a.m. | 11 views

MemHT Portal 4.0.1 - Remote Code Execution

MemHT Portal 4.0.1 - Remote Code Execution !/usr/bin/perl MemHT Portal 7 Main::Usage; else HTTP::UserAgent$uagent; MemHT::Login; MemHT::Exploit$file; MemHT Exploit Package package MemHT; sub Exploit my $resp; my $file = shift...

Exploits 0

myhack58
added 2009/01/08 12:0 a.m. | 13 views

opera9. 5 2 Use ajax to read a local file vulnerability further use-vulnerability warning-the black bar safety net

by emptiness prodigal heart http://www.inbreak.net The foregoing the opera9. 5 2 Use ajax to read a local file vulnerability on , Referred to the opera's ajax to read a local file vulnerability. But the use of the way, relatively narrow. Very few people will download the htm file locally, then op...

AI score 7.2
Exploits 0

Positive Technologies
added 2009/01/01 12:0 a.m. | 5 views

PT-2009-22: EXcms Root directory disclosure vulnerability

EXcms is a content management system CMS software, usually implemented as a Web application, for creating and managing HTML content. It is used to manage and control a large, dynamic collection of Web material HTML documents and their associated images. Vulnerability Description Positive...

AI score 6.8
Exploits 0 | References 4

0day.today
added 2008/12/22 12:0 a.m. | 96 views

RoundCube Webmail <= 0.2b Remote Code Execution Exploit

Exploit for unknown platform in category web applications ======================================================= RoundCube Webmail echoiniget'disablefunctions'; exec, system PHP passthru"id; uname -a"; uid=666www-data gid=666www-data groups=666www-data Linux mail 2.6.28 0 Sun Jan 01 10:05:33 CET...

AI score 7.1 | EPSS 0.54003
Exploits 15

NVD
added 2008/12/12 6:30 p.m. | 17 views

CVE-2008-5553

The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has...

CVSS 4.3 | AI score 5.9 | EPSS 0.11565
Exploits 0 | References 3

Prion
added 2008/12/12 6:30 p.m. | 11 views

Cross site scripting

Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF...

CVSS 4.3 | AI score 6.7 | EPSS 0.12526
Exploits 0 | References 3 | Affected Software 1

Prion
added 2008/12/11 3:30 p.m. | 17 views

Hardcoded credentials

The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing...

CVSS 5 | AI score 7.2 | EPSS 0.01435
Exploits 1 | References 3 | Affected Software 1

OpenVAS
added 2008/12/10 12:0 a.m. | 26 views

Debian Security Advisory DSA 1683-1 (streamripper)

The remote host is missing an update to streamripper announced via advisory DSA 1683-1. OpenVAS Vulnerability Test $Id: deb16831.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1683-1 streamripper Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft In...

CVSS 9.3 | AI score 0.4 | EPSS 0.06477
Exploits 1

Tenable Nessus
added 2008/12/09 12:0 a.m. | 24 views

Debian DSA-1683-1 : streamripper - buffer overflow

Multiple buffer overflows involving HTTP header and playlist parsing have been discovered in streamripper (CVE-2007-4337, CVE-2008-4829). %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-168...

CVSS 9.3 | AI score 5.5 | EPSS 0.06477
Exploits 1 | References 6

Debian
added 2008/12/08 6:58 p.m. | 30 views

[SECURITY] [DSA 1683-1] New streamripper packages fix potential code execution

Debian Security Advisory DSA-1683-1 [email protected] http://www.debian.org/security/ Florian Weimer December 08, 2008 http://www.debian.org/security/faq -...

CVSS 9.3 | AI score 6.5 | EPSS 0.06477
Exploits 1

OSV
added 2008/12/08 12:0 a.m. | 17 views

DSA-1683-1 streamripper - potential code execution

Bulletin has no description...

CVSS 9.3 | AI score 6 | EPSS 0.06477
Exploits 1

OpenVAS
added 2008/12/01 12:0 a.m. | 21 views

Streamripper Multiple Buffer Overflow Vulnerabilities (Linux)

The host is installed with Streamripper, which is prone to Multiple Buffer Overflow Vulnerabilities. OpenVAS Vulnerability Test $Id: gbstreamrippermultbofvulnnov08lin.nasl 5158 2017-02-01 14:53:04Z mime $ Streamripper Multiple Buffer Overflow Vulnerabilities Linux Authors: Veerendra GG Copyright:...

CVSS 9.3 | AI score 0.5 | EPSS 0.06477
Exploits 1 | References 2

OpenVAS
added 2008/12/01 12:0 a.m. | 15 views

Streamripper Multiple Buffer Overflow Vulnerabilities - Linux

Streamripper is prone to multiple buffer overflow vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 | AI score 6.9 | EPSS 0.06477
Exploits 1 | References 3

CVE
added 2008/11/29 2:0 a.m. | 43 views

CVE-2008-5284

The CVE-2008-5284 issue affects multiple products where the web server component can crash due to a crafted HTTP Content-Length header with a negative value. Affected are IEA Software RadiusNT/RadiusX (versions 5.1.38 up to but not including 5.1.44), Emerald (5.0.49 up to before 5.0.52), Air Mars...

CVSS 10 | AI score 6.7 | EPSS 0.04435
Exploits 1 | References 8 | Affected Software 6

OpenVAS
added 2008/11/27 12:0 a.m. | 31 views

Ruby on Rails redirect_to() HTTP Header Injection Vulnerability - Linux

The host is running Ruby on Rails, which is prone to HTTP Header Injection Vulnerability. OpenVAS Vulnerability Test $Id: gbrubyrailshttpheaderinjvulnlin.nasl 4227 2016-10-07 05:45:35Z teissa $ Ruby on Rails redirectto HTTP Header Injection Vulnerability - Linux Authors: Veerendra GG Copyright:...

CVSS 5 | EPSS 0.01546
Exploits 0 | References 2