3716 matches found
CVE-2006-1126
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR...
Design/Logic Flaw
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR...
CVE-2006-1127
CVE-2006-1127 describes a cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2. A remote attacker can inject arbitrary script/HTML through the X-Forwarded-For header when adding a comment to an album. Reported sources (e.g., Exploit-DB/Nessus entries) corroborate multiple Gallery 2 v...
SQL injection
Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the optionprefix parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php...
CVE-2006-1084
Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the optionprefix parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php...
CVE-2006-1012
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment...
SQL injection
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment...
Gallery < 2.0.3 GalleryUtilities.class X_FORWARDED_FOR HTTP Header XSS
WordPress <= 1.5.2 - SQL injection
Because of this vulnerability, attackers can execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment. Solution: Update WordPress to the latest available version, at least 1.5.3...
Gallery < 2.0.3 IP Spoofing
The version of Gallery hosted on the remote web server allows an attacker to spoof the IP address with a bogus 'X_FORWARDED_FOR' HTTP header. In addition, an authenticated attacker can reportedly leverage this flaw to launch cross-site scripting attacks by adding comments to a photo. The applicatio...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field...
CVE-2006-0896
Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field...
CVE-2006-0864
filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value...
CVE-2006-0852
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php...
Code injection
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php...
CVE-2005-4724
SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field in an HTTP header...
CVE-2005-4687
PunBB 1.2.9 (used standalone or with F-ART BLOG:CMS) trusts the client IP from the X-Forwarded-For header instead of the TCP/IP stack, enabling IP address spoofing by remote attackers. Red Hat and CVE records corroborate this vulnerability in PunBB 1.2.9. The underlying issue is header-based IP e...
CA iTechnology iGateway Service Content-Length Buffer Overflow
The remote host is using CA iTechnology iGateway service, a software component used in various products from CA. The version of the iGateway service installed on the remote host reportedly fails to sanitize Content-Length HTTP header values before using them to allocate heap memory. An attacker c...