Lucene search

3714 matches found

Cvelist
added 2007/07/05 7:00 p.m. | 24 views

CVE-2007-3571

The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address...

AI score: 6.2 | EPSS: 0.01196
Exploits: 0 | References: 4
Prion
added 2007/06/29 6:30 p.m. | 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.01867
Exploits: 0 | References: 6 | Affected Software: 4
Cvelist
added 2007/06/29 6:00 p.m. | 19 views

CVE-2007-3496

Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web...

AI score: 5.8 | EPSS: 0.01867
Exploits: 0 | References: 6
Prion
added 2007/06/27 6:30 p.m. | 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template...

CVSS: 3.5 | AI score: 5.6 | EPSS: 0.01774
Exploits: 0 | References: 12 | Affected Software: 1
Prion
added 2007/06/27 6:30 p.m. | 20 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also...

CVSS: 6.5 | AI score: 7.7 | EPSS: 0.0194
Exploits: 0 | References: 10 | Affected Software: 1
NVD
added 2007/06/27 6:30 p.m. | 16 views

CVE-2007-3255

Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.0194
Exploits: 0 | References: 10
Cvelist
added 2007/06/27 6:00 p.m. | 17 views

CVE-2007-3254

Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template...

AI score: 5.3 | EPSS: 0.01774
Exploits: 0 | References: 12
CVE
added 2007/06/27 6:00 p.m. | 41 views

CVE-2007-3255

CVE-2007-3255 affects Xythos Enterprise Document Manager (XEDM) and related products. Vulnerabilities allow remote authenticated users to perform actions as other users via CSRF: (1) a saved Workflow name and (2) Content-Type header manipulation. Affects XEDM <5.0.25.8 and 6.x

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.0194
Exploits: 0 | References: 10 | Affected Software: 1
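seebug.org
added 2007/06/25 12:00 a.m. | 60 views

Apache Mod_Mem_Cache Remote Information Disclosure Vulnerability

Apache is an open-source HTTP server. The mod_mem_cache module included with Apache has an information disclosure issue that remote attackers can exploit to gain access to sensitive data. When mod_mem_cache is used to cache certain small files, under some conditions the server responds with partially incorrect HTTP header data, including multiple header fields and an incorrect ETag value; attackers can use this information to mount further attacks on the system. Apache Software Foundation Apache 2.2.4. Refer to the following security advisory: http://people.apache.org/covener/2.2.x-modmemcache-poolmgmt.diff...

AI score: 7.1
Exploits: 0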
securityvulns
added 2007/06/25 12:00 a.m. | 58 views

[Full-disclosure] Safari XMLHttpRequest HTTP header injection

Westpoint Security Advisory --------------------------- Title: Safari XMLHttpRequest HTTP header injection Risk Rating: Low Platforms: MacOS and Windows Author: Richard Moore [email protected] Date: 25 June 2007 Advisory ID: wp-07-0002 URL: http://www.westpoint.ltd.uk/advisories/wp-07-0002.tx...

CVSS: 4.3 | AI score: 1.3 | EPSS: 0.0706
Exploits: 1
Prion
added 2007/06/11 10:30 p.m. | 12 views

Design/Logic Flaw

http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header...

CVSS: 5 | AI score: 7.1 | EPSS: 0.02759
Exploits: 1 | References: 5 | Affected Software: 1
NVD
added 2007/06/11 10:30 p.m. | 10 views

CVE-2007-3159

http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header...

CVSS: 5 | AI score: 6.5 | EPSS: 0.02759
Exploits: 1 | References: 5
Prion
added 2007/05/09 6:19 p.m. | 13 views

Sql injection

SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (XFORWARDEDFOR) HTTP header, as demonstrated by a request to the /nk/ URI...

CVSS: 7.5 | AI score: 9 | EPSS: 0.03451
Exploits: 2 | References: 8 | Affected Software: 1
NVD
added 2007/05/09 6:19 p.m. | 17 views

CVE-2007-2556

SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (XFORWARDEDFOR) HTTP header, as demonstrated by a request to the /nk/ URI...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.03451
Exploits: 2 | References: 8
Prion
added 2007/05/09 1:19 a.m. | 18 views

Sql injection

Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (XFORWARDEDFOR) HTTP header...

CVSS: 6.5 | AI score: 8.8 | EPSS: 0.01052
Exploits: 1 | References: 6 | Affected Software: 1
Cvelist
added 2007/05/09 1:00 a.m. | 18 views

CVE-2007-2537

Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (XFORWARDEDFOR) HTTP header...

AI score: 8.1 | EPSS: 0.01052
Exploits: 1 | References: 6
securityvulns
added 2007/05/07 12:00 a.m. | 72 views

NPDS <= 5.10 - Multiple SQL injections

|Description:| Security holes were found in NPDS 5.10. N°1: Sql Injection in cookies File Mainfile.php lines 655 to 691. No check is carried out on nicknames or Id which can allow an attacker to modify a SQL request so as to obtain data. N°2: SQL Injection due to a bad use of "XFORWARDEDFOR" file...

AI score: 0.7
Exploits: 0
seebug.org
added 2007/05/05 12:00 a.m. | 16 views

Net Portal Dynamic System (NPDS) 5.10 Remote Code Execution (2)

No description provided by source. <?php /--------------------------------------------------------- NPDS <= 5.10 - Remote Code Execution exploit |Description:| Security holes were found in NPDS 5.10. N°1: Sql Injection in cookies File Mainfile.php lines 655 to 691. No check is carried out on...

AI score: 7.1
Exploits: 0
NVD
added 2007/04/25 3:19 p.m. | 8 views

CVE-2007-2235

Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admincategories.php...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.01294
Exploits: 0 | References: 8
Cvelist
added 2007/04/25 3:00 p.m. | 15 views

CVE-2007-2235

Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admincategories.php...

AI score: 5.8 | EPSS: 0.01294
Exploits: 0 | References: 8