Referer-spoofing via window.location race condition — Mozilla

Gregory Fleischer demonstrated that it was possible to generate a fake HTTP Referer header by exploiting a timing condition when setting the window.location property. This could be used to conduct a Cross-site Request Forgery CSRF attack against websites that rely only on the Referer header as...

Sql injection

SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...

CVE-2007-6083

SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...

CVE-2007-6083

SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...

IceBB HTTP_X_FORWARDED_FOR变量远程SQL注入漏洞

BUGTRAQ ID: 26483 IceBB是一个基于PHP+MySQL的开源论坛系统。 IceBB处理畸形用户请求时存在输入验证漏洞，远程攻击者可能利用此漏洞执行SQL注入攻击，非授权操作数据库。 IceBB的index.php脚本没有正确地验证对X-Forwarded-For HTTP头的输入。在/includes/functions.php文件的73行： $ip = empty$SERVER'HTTPXFORWARDEDFOR' ? $SERVER'REMOTEADDR' : $SERVER'HTTPXFORWARDEDFOR'; $ip = $this-cleankey$ip;...

IBM Websphere Application Server 5.1.1 - WebContainer HTTP Request Header Security

source: https://www.securityfocus.com/bid/26457/info IBM WebSphere Application Server is prone to a security weakness regarding an HTTP request header. The software fails to sanitize a certain HTTP header when the data is redirected to an error message. An attacker may exploit this issue to steal...

CVE-2007-5944

Cross-site scripting XSS vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server WAS 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are...

Format string

Format string vulnerability in the wsaddarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the 1 username or 2 password portion of base64-encoded...

CVE-2007-5825

Format string vulnerability in the wsaddarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the 1 username or 2 password portion of base64-encoded...

openSUSE 10 Security Update : libsoup (libsoup-2503)

This update fixes a bug in the HTTP header parsing code. Applications using this library maybe vulnerable to a remote denial-of-service attack. CVE-2006-5876 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...

tomcat accept-language xss flaw

Cross-site scripting XSS vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616"...

Sql injection

SQL injection vulnerability in index.php in MAXdev MDPro MD-Pro 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header...

CVE-2007-5222

SQL injection vulnerability in index.php in MAXdev MDPro MD-Pro 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header...

CVE-2007-5222

SQL injection vulnerability in index.php in MAXdev MDPro MD-Pro 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header...

CVE-2007-4980

CVE-2007-4980 affects GCALDaemon 1.0-beta13 where the readRequest method in org/gcaldaemon/core/http/HTTPListener.java is vulnerable. A remote attacker can trigger a denial of service by sending an HTTP request with a large Content-Length header, which leads to a fatal Java OutOfMemoryError. The ...

Streamripper 1.62.1 - Buffer Overflows

Streamripper 1.62.1 Security Advisory | http://streamripper.sf.net Multiple Buffer Overflows 12 August 2007 Chris Rohlf http://em386.blogspot.com ----------- Description ----------- Streamripper is a program used to rip streaming media to mp3 format to your harddrive. Multiple buffer overflows th...

CVE-2007-4337

Multiple buffer overflows in the httplibparsescheader function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long 1 Location and 2 Server HTTP headers, a different vulnerability than CVE-2006-3124...

CVE-2007-3623

Cross-site scripting XSS vulnerability in the Hitachi JP1/HiCommand Device Manager, Tiered Storage Manager, Replication Monitor, and GlobalLink Availability Manager before 20070528 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header...

CVE-2007-3623

Cross-site scripting XSS vulnerability in the Hitachi JP1/HiCommand Device Manager, Tiered Storage Manager, Replication Monitor, and GlobalLink Availability Manager before 20070528 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header...

Design/Logic Flaw

The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address...