3714 matches found
Ruby on Rails redirect_to() HTTP Header Injection Vulnerability (Oct 2008) - Linux
Ruby on Rails is prone to an HTTP header injection vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2008-4829
Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arbitrary code via (1) a long "Zwitterion v" HTTP header, related to the http_parse_sc_header function; (2) a crafted pls playlist with a long entry, related to the http_get_pls function; or (3) a crafted m3u...
Sql injection
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header...
Sql injection
SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...
CVE-2008-5132
SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...
fresh email script 1.0 - Multiple Vulnerabilities
fresh email script 1.0 - Multiple Vulnerabilities. Fresh Email Script; versions: 1.0 to 1.11 - all; exploits: file inclusion & cookie manipulation...
JVN#67060882 sISAPILocation vulnerability bypasses HTTP header rewrite function
sISAPILocation, developed by an individual developer, is an ISAPI filter for IIS (Internet Information Services). sISAPILocation contains a vulnerability that allows the HTTP header rewrite function to be bypassed. Impact: When sISAPILocation is used to configure settings, such as to specify charact...
Debian: Security Advisory (DSA-1651-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Admbook PHP Code Injection Flaw
The remote web server contains a PHP script that allows arbitrary code injection. Description : The remote host is running AdmBook, a PHP-based guestbook. The remote version of this software is prone to remote PHP code injection due to a lack of sanitization of the HTTP header 'X-Forwarded-For'...
CVE-2008-4678
The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a...
CVE-2008-4644
hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header...
CVE-2008-4644
CVE-2008-4644 affects hits.php in the myWebland myStats component, where remote attackers can bypass IP address restrictions by tampering with the X-Forwarded-For HTTP header. The vulnerability is triggered by trusting a manipulated X-Forwarded-For value, allowing bypass of access controls intend...
Debian DSA-1651-1 : ruby1.8 - several vulnerabilities
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-3655 Keita Yamaguchi discovered that several safe...
Debian DSA-1652-1 : ruby1.9 - several vulnerabilities
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-3655 Keita Yamaguchi discovered that several safe...
rPSA-2008-0286-1 mono
rPath Security Advisory: 2008-0286-1 Published: 2008-09-29 Products: rPath Linux 2 Rating: Major Exposure Level Classification: Remote User Deterministic Vulnerability Updated Versions: mono=conary.rpath.com@rpl:2/1.2.6-5-0.1 References: https://vulners.com/cve/CVE-2008-3906 Description: Previous...
AssetMan 2.5-b - SQL Injection using Session Fixation
AssetMan v2.5-b SQL Injection using Session Fixation Attack...
AssetMan v2.5-b SQL Injection using Session Fixation Attack
Exploit for unknown platform in category web applications. AssetMan v2.5-b SQL Injection using Session Fixation Attack...
AssetMan 2.5-b - SQL Injection using Session Fixation
AssetMan v2.5-b SQL Injection using Session Fixation Attack...