
3714 matches found

NVD
added 2006/10/13 8:7 p.m. | 14 views

CVE-2006-5287

Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 allow remote attackers to execute arbitrary SQL commands via (1) the User-Agent HTTP header, or the (2) gbentrytext, (3) gblocation, (4) gbfullname, or (5) gbsex parameters...

5.1 CVSS | 8.5 AI score | 0.0107 EPSS
Exploits: 1 | References: 4
UbuntuCve
added 2006/10/10 9:7 p.m. | 30 views

CVE-2006-5227

Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $useragent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ipresolved variable...

6.8 CVSS | 6.1 AI score | 0.01638 EPSS
Exploits: 1 | References: 1
NVD
added 2006/10/10 9:7 p.m. | 19 views

CVE-2006-5227

Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $useragent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ipresolved variable...

6.8 CVSS | 5.7 AI score | 0.01638 EPSS
Exploits: 1 | References: 7
Tenable Nessus
added 2006/09/15 12:0 a.m. | 21 views

GLSA-200609-10 : DokuWiki: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200609-10 (DokuWiki: Arbitrary command execution). 'rgod' discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR HTTP header, allowing the injection of arbitrary contents - such as PHP commands - into a file. Additionally, the...

7.5 CVSS | 6.1 AI score | 0.01939 EPSS
Exploits: 3 | References: 4
Gentoo Linux
added 2006/09/14 12:0 a.m. | 34 views

DokuWiki: Arbitrary command execution

Background: DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend. Description: "rgod" discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR HTTP header, allowing the injection of arbitrary contents - such as PHP commands - into a...

7.5 CVSS | 7.5 AI score | 0.01939 EPSS
Exploits: 3
UbuntuCve
added 2006/09/11 5:4 p.m. | 29 views

CVE-2006-4674

Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php...

7.5 CVSS | 6.3 AI score | 0.01939 EPSS
Exploits: 1 | References: 1
OSV
added 2006/09/11 5:4 p.m. | 7 views

CVE-2006-4674

Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php...

7.3 AI score
Exploits: 0 | References: 8
NVD
added 2006/08/30 1:4 a.m. | 21 views

CVE-2006-4451

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via (1) the User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in adminindex.php...

7.5 CVSS | 7.8 AI score | 0.01484 EPSS
Exploits: 0 | References: 4
Cvelist
added 2006/08/30 1:0 a.m. | 23 views

CVE-2006-4451

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via (1) the User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in adminindex.php...

7.8 AI score | 0.01484 EPSS
Exploits: 0 | References: 4
Packet Storm
added 2006/08/30 12:0 a.m. | 39 views

streamripper-2.txt


7.4 AI score
Exploits: 0
0day.today
added 2006/08/29 12:0 a.m. | 23 views

Streamripper <= 1.61.25 HTTP Header Parsing Buffer Overflow Expl 2

Exploit for unknown platform in category remote exploits. Streamripper exploit.exe 80 0 public-release streamripper streamripper.exe http://127.0.0.1:80 Connecting... on other shell + client conneted! + exploit send check shell ...

7.1 AI score
Exploits: 0
exploitpack
added 2006/08/29 12:0 a.m. | 25 views

Streamripper 1.61.25 - HTTP Header Parsing Buffer Overflow (2)

Streamripper 1.61.25 - HTTP Header Parsing Buffer Overflow 2 / name: streamripper exploit.exe 80 0 public-release streamripper streamripper.exe http://127.0.0.1:80 Connecting... on other shell + client conneted! + exploit send check shell on port 4444 now connect to 127.0.0.1:4444 / / define WIN3...

0.6 AI score
Exploits: 0
Exploit DB
added 2006/08/29 12:0 a.m. | 55 views

Streamripper 1.61.25 - HTTP Header Parsing Buffer Overflow (2)

/ name: streamripper exploit.exe 80 0 public-release streamripper streamripper.exe http://127.0.0.1:80 Connecting... on other shell + client conneted! + exploit send check shell on port 4444 now connect to 127.0.0.1:4444 / / define WIN32 / include include include ifdef WIN32 include pragma...

7.4 AI score
Exploits: 0
Exploit DB
added 2006/08/29 12:0 a.m. | 47 views

Streamripper 1.61.25 - HTTP Header Parsing Buffer Overflow (1)


7.4 AI score
Exploits: 0
OSV
added 2006/08/26 9:4 p.m. | 5 views

CVE-2006-3124

Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers...

7.8 AI score
Exploits: 0 | References: 14
Cvelist
added 2006/08/26 10:0 a.m. | 17 views

CVE-2006-3124

Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers...

7.6 AI score | 0.18678 EPSS
Exploits: 0 | References: 13
CVE
added 2006/08/26 10:0 a.m. | 53 views

CVE-2006-3124

CVE-2006-3124 describes a buffer overflow in Streamripper’s HTTP header parsing (lib/http.c) that could be triggered by crafted HTTP headers, potentially leading to denial of service or arbitrary code execution. Connected OpenVAS entries and Debian/OSS advisories reference Streamripper and corrobo...

7.5 CVSS | 7.6 AI score | 0.18678 EPSS
Exploits: 0 | References: 13 | Affected Software: 1
UbuntuCve
added 2006/08/14 9:4 p.m. | 23 views

CVE-2006-4111

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112...

7.5 CVSS | 6 AI score | 0.02214 EPSS
Exploits: 0 | References: 1
CVE
added 2006/08/14 9:0 p.m. | 106 views

CVE-2006-4111

CVE-2006-4111 affects the Ruby on Rails framework prior to version 1.1.5. The vulnerability arises from a File Upload request that supplies an HTTP header which modifies the LOAD_PATH variable, enabling a remote attacker to execute Ruby code with substantial impact. The issue is distinct from CVE...

7.5 CVSS | 6.8 AI score | 0.02214 EPSS
Exploits: 0 | References: 9 | Affected Software: 2
NVD
added 2006/08/09 10:4 p.m. | 15 views

CVE-2006-4035

SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...

7.5 CVSS | 8.4 AI score | 0.01447 EPSS
Exploits: 1 | References: 7