CVE-2008-0563
CVE-2008-0563 describes a cross-site request forgery in Liferay Portal 4.3.6, where the application uses the User-Agent header when composing Forgot Password HTML emails. This allows remote attackers to perform unspecified actions as unspecified authenticated users. The available documents consis...
Design/Logic Flaw
Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails...
CVE-2008-0548
Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails...
CVE-2008-0548
Steamcast 0.9.75 and earlier is affected by a denial of service via a crafted large Content-Length HTTP header that causes a NULL dereference when malloc fails. Affected component: the server handling HTTP requests; root cause is handling of oversized Content-Length values. Impact is denial of se...
Liferay Portal Enterprise Admin User-Agent HTTP header XSS
Overview: Liferay Portal contains a cross-site scripting vulnerability in the handling of the User-Agent HTTP header, which can allow a remote, authenticated attacker to gain administrative access. Description: Liferay Portal is an enterprise portal solution that uses Java technologies. The...
Directory traversal
Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENTIP HTTP header in an enter action to index.php, and injecting PHP sequences into...
CVE-2008-0478
Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENTIP HTTP header in an enter action to index.php, and injecting PHP sequences into...
Code injection
stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php...
SetCMS 3.6.5 (setcms.org) Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl SetCMS v3.6.5 setcms.org remote commands execution exploit by RST/GHC o4.o9.2oo6 coded by 1dt.w0lf THIS IS UNPUBLISHED RST/GHC EXPLOIT CODE KEEP IT PRIVATE about the bug: file: functions.php FUNCTION ip global $userid; ifgetenv'HTTPCLIENTIP' $userip =...
squid security update
CentOS Errata and Security Advisory CESA-2007:1130-04 Updated squid packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Squid is a high-performance...
Sql injection
SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...
CVE-2007-6622
SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...
CentOS 3 / 4 / 5 : squid (CESA-2007:1130)
Updated squid packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Squid is a high-performance proxy caching server for Web clients, supporting FTP,...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header...
CVE-2007-6307
Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header...
JVN#77730435 Multiple Cybozu products vulnerable to HTTP header injection
Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers. Impact: A remote attacker can conduct cache poisoning, send an arbitrary cookie, or execute an arbitrary script on the user's web browser. Solution: Update the Software. For more...
CVE-2007-5615
CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
Referer-spoofing via window.location race condition — Mozilla
Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header as...