Lucene search

3714 matches found

exploitpack
added 2007/02/14 12:0 a.m., 12 views

Jupiter CMS 1.1.5 - Client-IP SQL Injection

Jupiter CMS 1.1.5 - Client-IP SQL Injection. URL: http://www.acid-root.new.fr/advisories/12070214.txt ...

0.1 AI score
Exploits: 0
NVD
added 2007/02/09 1:28 a.m., 23 views

CVE-2006-6986

Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which...

7.8 CVSS, 5.9 AI score, 0.01344 EPSS
Exploits: 0, References: 1
NVD
added 2007/02/09 1:28 a.m., 25 views

CVE-2006-6990

Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site,...

7.8 CVSS, 5.9 AI score, 0.01344 EPSS
Exploits: 0, References: 1
Cvelist
added 2007/02/09 1:0 a.m., 27 views

CVE-2006-6989

Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the...

5.9 AI score, 0.01344 EPSS
Exploits: 0, References: 1
Cvelist
added 2007/02/09 1:0 a.m., 30 views

CVE-2006-6991

Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site,...

5.9 AI score, 0.01344 EPSS
Exploits: 0, References: 1
CVE
added 2007/02/09 1:0 a.m., 42 views

CVE-2006-6983

CVE-2006-6983 documents a cross-domain information disclosure in MYweb4net Browser 3.8.8.0. The vulnerability arises from an object tag with a data parameter referencing a link that points to a Location header on the attacker's site, allowing the target content to be exposed via the outerHTML att...

5 CVSS, 5.9 AI score, 0.01076 EPSS
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2007/02/07 11:28 a.m., 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page...

4.3 CVSS, 6.2 AI score, 0.09517 EPSS
Exploits: 0, References: 7, Affected Software: 1
Prion
added 2007/02/06 2:28 a.m., 12 views

Design/Logic Flaw

EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer...

7.5 CVSS, 7 AI score, 0.02407 EPSS
Exploits: 1, References: 5, Affected Software: 1
Japan Vulnerability Notes
added 2007/01/25 12:0 a.m., 21 views

JVN#05088443 CGI RESCUE WebFORM vulnerable to HTTP header injection

Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, "Web Mailer" released from CGI RESCUE also contains a similar vulnerability...

6.9 AI score
Exploits: 0
securityvulns
added 2007/01/25 12:0 a.m., 97 views

[SA23913] CGI Rescue WebFORM Cross-Site Scripting and HTTP Header Injection

TITLE: CGI Rescue WebFORM Cross-Site Scripting and HTTP Header Injection SECUNIA ADVISORY ID: SA23913 VERIFY ADVISORY: http://secunia.com/advisories/23913/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: WebFORM 4.x http://secunia.com/product/10398/ DESCRIPTION:...

0.8 AI score
Exploits: 0
NVD
added 2006/12/21 7:28 p.m., 13 views

CVE-2006-6684

Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; the details are obtained...

7.5 CVSS, 8.1 AI score, 0.02872 EPSS
Exploits: 0, References: 3
Cvelist
added 2006/12/21 7:0 p.m., 17 views

CVE-2006-6684

Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; the details are obtained...

8.1 AI score, 0.02872 EPSS
Exploits: 0, References: 3
CVE
added 2006/12/21 7:0 p.m., 45 views

CVE-2006-6679

The issue affects chetcpasswd prior to version 2.4, where ACL checks rely on the X-Forwarded-For header. This header spoofing allows remote attackers to gain unauthorized access. Root cause: authentication/authorization logic trusts X-Forwarded-For for client status in IP ACLs. Documented impact:...

7.5 CVSS, 7.2 AI score, 0.02067 EPSS
Exploits: 0, References: 7, Affected Software: 1
Tenable Nessus
added 2006/12/15 12:0 a.m., 32 views

Flash Player HTTP Header CRLF Injection (APSB06-18)

According to its version number, the instance of Flash Player on the remote Windows host contains two ways for a remote attacker to perform arbitrary HTTP requests while controlling most of the HTTP headers. A remote attacker may be able to leverage these issues to conduct cross-site request...

5 CVSS, 5.5 AI score, 0.22602 EPSS
Exploits: 0, References: 3
securityvulns
added 2006/11/14 12:0 a.m., 67 views

[SA22864] Netquery "User-Agent" HTTP Header Script Insertion

TITLE: Netquery "User-Agent" HTTP Header Script Insertion SECUNIA ADVISORY ID: SA22864 VERIFY ADVISORY: http://secunia.com/advisories/22864/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Netquery 4.x http://secunia.com/product/12587/ DESCRIPTION: Tal Argoni has...

0.4 AI score
Exploits: 0
Zero Day Initiative
added 2006/10/26 12:0 a.m., 39 views

Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpstk.dll library within the dhost.exe web interface of the eDirectory Host...

7.5 CVSS, 1.3 AI score, 0.83891 EPSS
Exploits: 11, References: 1
NVD
added 2006/10/25 10:7 p.m., 15 views

CVE-2006-5508

Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header...

7.5 CVSS, 8.5 AI score, 0.01074 EPSS
Exploits: 0, References: 5
seebug.org
added 2006/10/24 12:0 a.m., 38 views

Streamripper <= 1.61.25 HTTP Header Parsing Buffer Overflow Exploit

No description provided by source.

7.1 AI score
Exploits: 0
securityvulns
added 2006/10/19 12:0 a.m., 39 views

HTTP header injection in Macromedia Flash plugin

No description provided...

1.5 AI score
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2006/10/19 12:0 a.m., 35 views

Rapid7 Advisory R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin

Rapid7 Advisory R7-0026 HTTP Header Injection Vulnerabilities in the Flash Player Plugin Published: Oct 17, 2006 Revision: 1.0 http://www.rapid7.com/advisories/R7-0026.jsp 1. Affected Systems: KNOWN VULNERABLE: o Flash Player plugin 9.0.16 for Windows o Flash Player plugin 7.0.63 for Linux PROBAB...

6.6 AI score
Exploits: 0