3714 matches found
CVE-2005-2721
Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote attackers to inject arbitrary web script or HTML via the Referer field in the HTTP header...
CVE-2005-2728
Apache httpd is affected by CVE-2005-2728 due to a flaw in the byte-range filter that can cause memory exhaustion and denial of service when handling HTTP requests with a large Range header, as described in multiple connected advisories. The issue affects Apache httpd 2.0.x before 2.0.54 (and var...
CVE-2005-2728
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field...
foojanInject.txt
Vendor : http://foojan.soltoononline.com A complete Persian PHP Weblog WMS Example Information Disclosure: http://target/foojan/adminmodules/daylinks/index.php http://target/foojan/index.php?daylinkspage=-1 Refferer Html Injection Where : in gmain.php $Weblog- query "INSERT INTO visits id , ip ,...
FreeBSD : opera -- download dialog spoofing vulnerability (a2aa24fd-00d4-11da-bc08-0001020eed82)
A Secunia Advisory reports: Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files. The vulnerability is caused due to an error in the handling of extended ASCII codes in the download dialog. This can be...
opera -- download dialog spoofing vulnerability
A Secunia Advisory reports: Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files. The vulnerability is caused due to an error in the handling of extended ASCII codes in the download dialog. This can be...
Advanced Guestbook User-Agent Header HTML Injection
The remote host is running Advanced Guestbook, a free guestbook written in PHP. The installed version of Advanced Guestbook fails to properly sanitize the 'HTTP_USER_AGENT' environment variable before using it in dynamically-generated content. An attacker can exploit this flaw to launch cross-site...
MercuryBoard User-Agent HTTP Header SQL Injection
Apache 2.0.49 - Arbitrary Long HTTP Headers Denial of Service
/usr/bin/perl -w use IO::Socket::INET; usage unless @ARGV == 2; my $host = shift@ARGV; my $port = shift@ARGV; sub usage print "\n"; print "\n Apache HTTPd Arbitrary Long HTTP Headers DoS \n"; print " Tested Versions : 2 newproto='tcp', PeerAddr=$host, PeerPort=$port; $socket or die "Cannot connec...
CVE-2005-1576
Affected software: Mozilla Firefox on Windows (versions 0.10.1 and 1.0). Vulnerability: The file download dialog uses the Content-Type HTTP header to determine file type, but when selecting “Save to Disk,” it preserves the original file extension, allowing remote attackers to mask the true file t...
CVE-2005-1575
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160...
CVE-2004-1950
phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses...
CVE-2005-1391
Buffer overflow in the addport function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header...
CVE-2005-0341
Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks...
CVE-2004-1578
The CVE-2004-1578 entry concerns Invision Power Board 2.0.0 with a cross-site scripting (XSS) vulnerability in index.php that allows an attacker to inject arbitrary web script or HTML via the Referer header in HTTP requests. Documented impact from sources like NVD and CVE lists is that remote att...
CVE-2004-1578
Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header...
Mandrake Linux Security Advisory : squid (MDKSA-2005:034)
More vulnerabilities were discovered in the squid server: The LDAP handling of search filters was inadequate which could be abused to allow logins using several variants of a single login name, possibly bypassing explicit access controls (CVE-2005-0173). Minor problems in the HTTP header parsing...
CVE-2005-0341
CVE-2005-0341 affects Apple Safari 1.2.4. The vulnerability arises because Safari does not obey the Content-Type HTTP header, causing text to be rendered as HTML and enabling remote attackers to inject arbitrary script or HTML (XSS). No exploit specifics are provided in the connected documents. A...