
3714 matches found

Cvelist
added 2008/07/11 10:0 p.m. | 15 views

CVE-2008-3153

SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...

AI score: 8.4 | EPSS: 0.01042
Exploits: 0 | References: 5

seebug.org
added 2008/06/23 12:0 a.m. | 20 views

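OFFSystem HTTP header field data handling remote buffer overflow vulnerability

BUGTRAQ ID: 29809 CNCAN ID:CNCAN-2008062310 OFFSystem is an open-source file-sharing program. OFFSystem has a buffer overflow in its handling of HTTP header field data; a remote attacker can exploit the vulnerability to execute arbitrary code with the application's privileges. Sending a specially crafted HTTP request containing malformed HTTP header fields can cause a buffer overflow and may allow arbitrary instructions to be executed with the application's privileges. FFSystem OFFSystem 0.9.14 Upgrade: OFFSystem OFFSystem 0.9.14 OFFSystem OFFSystem-0.19.14-src.tar.gz...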

AI score: 6.9
Exploits: 0

Check Point Advisories
added 2008/06/17 12:0 a.m. | 4 views

IBM Lotus Domino Web Server HTTP Header Buffer Overflow (CVE-2008-2240)

IBM Lotus Domino is a server product that provides enterprise-grade e-mail, collaboration capabilities, and custom application platform. A stack buffer overflow vulnerability was reported in the IBM Lotus Domino Web Server application. The vulnerability is due to an error in the IBM Lotus Domino...

CVSS: 10 | AI score: 7.5 | EPSS: 0.65615
Exploits: 6

Tenable Nessus
added 2008/06/09 12:0 a.m. | 20 views

Akamai Red Swoosh < 3333 referer Header Cross-Site Request Forgery

The remote host is running Akamai Red Swoosh client, which handles software distribution via the Swoosh network. The version of Red Swoosh installed on the remote host includes a web server that listens on the loopback interface for management commands but it fails to properly sanitize the HTTP...

CVSS: 7.1 | AI score: 5.7 | EPSS: 0.00773
Exploits: 1 | References: 3

securityvulns
added 2008/06/01 12:0 a.m. | 48 views

SQL Injection leading to authorization bypass in Torrent Trader Classic v1.08 and earlier

SQL Injection leading to authorization bypass in Torrent Trader Classic v1.08 and earlier Discovered by: Charles Vaughn [email protected] Software: http://sourceforge.net/projects/torrenttrader Status: Vendor Notified, updated version available Vulnerability TorrentTrader is a popular torrent...

AI score: 0.7
Exploits: 0

myhack58
added 2008/05/28 12:0 a.m. | 19 views

flash a tips-vulnerability warning-the black bar safety net

Author: darkne2s Source: energy Temple It seems like a large cattle these all have flash exp. But 1 0 personal 9 personal that bad. This surprised me. Press the truth to say that this is not the person's vulnerability should be very easy to use. And I also often irregularly collected all over the...

AI score: 7.1
Exploits: 0

Prion
added 2008/05/22 1:9 p.m. | 19 views

Stack overflow

Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header...

CVSS: 10 | AI score: 8.8 | EPSS: 0.65615
Exploits: 6 | References: 10 | Affected Software: 1

Japan Vulnerability Notes
added 2008/05/20 3:0 p.m. | 1 views

CGI RESCUE WebFORM vulnerable to HTTP header injection

Overview WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers. Impact Falsified information may be displayed or an arbitrary scri...

CVSS: 4.3 | AI score: 7
Exploits: 0 | References: 4

Prion
added 2008/04/23 1:5 p.m. | 20 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.04501
Exploits: 2 | References: 9 | Affected Software: 1

UbuntuCve
added 2008/04/23 1:5 p.m. | 23 views

CVE-2008-1385

Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...

CVSS: 4.3 | AI score: 6 | EPSS: 0.04501
Exploits: 2 | References: 1

NVD
added 2008/04/23 1:5 p.m. | 30 views

CVE-2008-1385

Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.04501
Exploits: 2 | References: 9

Cvelist
added 2008/04/23 10:0 a.m. | 32 views

CVE-2008-1385

Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...

AI score: 5.6 | EPSS: 0.04501
Exploits: 2 | References: 9

seebug.org
added 2008/04/11 12:0 a.m. | 68 views

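Adobe Flash Player 9.0.124.0 fixes multiple security vulnerabilities

BUGTRAQ ID: 27034,28695,26966,28697,26930,28696,28694 CVECAN ID: CVE-2007-5275,CVE-2007-6243,CVE-2007-6637,CVE-2007-6019,CVE-2007-0071,CVE-2008-1655,CVE-2008-1654 Flash Player is a very popular Flash player. Flash Player 9.0.124.0 fixes multiple security vulnerabilities; successful exploitation of these vulnerabilities allows a malicious user to bypass security restrictions, perform cross-site scripting, or compromise the user's system. Specifically: 1 Handling of Declare Function...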

CVSS: 9.3 | AI score: 6.4 | EPSS: 0.92501
Exploits: 4

Tenable Nessus
added 2008/04/11 12:0 a.m. | 27 views

RHEL 4 / 5 : squid (RHSA-2008:0214)

The remote Redhat Enterprise Linux 4 / 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2008:0214 advisory. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. A flaw was found in the way squi...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.01882
Exploits: 2 | References: 5

Exploit DB
added 2008/04/07 12:0 a.m. | 58 views

Drake CMS 0.4.11 - Blind SQL Injection

gid 17. if '' === $gbname = in'gbname', SQL | NOHTML, $POST, '', 50 18. || '' === $gbemail = in'gbemail', SQL | NOHTML, $POST, '', 50 19. || !isemail$gbemail 20. 21. CMSResponse::BackFORMNC; 22. else 23. $gbname = $my-name; 24. $gbemail = $my-email; 25. 26. 27. $timeout = $params-get'timeout',5;...

AI score: 7
Exploits: 0

Prion
added 2008/03/31 11:44 p.m. | 15 views

Sql injection

The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP...

CVSS: 7.5 | AI score: 9.1 | EPSS: 0.00967
Exploits: 1 | References: 3 | Affected Software: 1

securityvulns
added 2008/03/22 12:0 a.m. | 47 views

[MSA02240108] IE7 allows overwriting of several headers leading to Http request Splitting and smuggling.

MSA01240108: IE7 allows overwriting of several headers leading to Http request Splitting and smuggling. Date: March 21th, 2008 Tested Versions: Internet Explorer 7.0.5730.11 Tested OS: Windows XP Professional SP2 Italian Minded Security ReferenceID: MSA02240108 Credits: Discovery by Stefano Di...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2008/03/21 12:0 a.m. | 33 views

VLC Media Player network/httpd.c httpd_FileCallBack Function Connection Parameter Format String

The remote host is running VLC, a popular media player application which can have an embedded web server. The remote version of this software is vulnerable to a format string attack when processing a malformed 'Connection:' http header. An attacker can exploit this flaw to execute arbitrary...

CVSS: 7.5 | AI score: 6 | EPSS: 0.15138
Exploits: 7 | References: 1

Prion
added 2008/03/20 10:44 a.m. | 13 views

Sql injection

SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header...

CVSS: 6.8 | AI score: 9.1 | EPSS: 0.00909
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2008/03/20 10:44 a.m. | 11 views

CVE-2008-1398

SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header...

CVSS: 6.8 | AI score: 8.4 | EPSS: 0.00909
Exploits: 1 | References: 3