701 matches found
CVE-2008-1245
cgi-bin/setupvirtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service control center outage via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header...
elinks reveals POST data to HTTPS proxy
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...
Moderate: Red Hat Security Advisory: elinks security update
An updated ELinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ELinks is a text mode Web browser used from the command line that supports...
DEBIAN-CVE-2007-5034
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...
DEBIAN-CVE-2007-4174
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...
CVE-2007-4174
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...
Mod_Security ASCIIZ字节绕过安全限制漏洞
modsecurity是经常与PHP结合使用的Web应用防火墙。 modsecurity在处理特定的HTTP数据时存在漏洞,远程攻击者可能利用此漏洞绕过某些安全限制。 在接收到请求后modsecurity会将其解析成为Web应用参数。由于解析入站数据的方式遵循RFC中所定义的规则而不一定是Perl、Python、Java或PHP中的HTTP请求解析器所兼容的方式,因此如果RFC与实际实现方式不匹配时可能存在一些限制绕过漏洞。...
CVE-2007-1359
Interpretation conflict in ModSecurity modsecurity 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ 0x00 byte, which modsecurity treats as a terminator even though it is still processed as normal data by some...
Design/Logic Flaw
Interpretation conflict in ModSecurity modsecurity 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ 0x00 byte, which modsecurity treats as a terminator even though it is still processed as normal data by some...
CVE-2007-1359
Interpretation conflict in ModSecurity modsecurity 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ 0x00 byte, which modsecurity treats as a terminator even though it is still processed as normal data by some...
phpListPro <= 2.0 - Remote File Include Vulnerability
phpListPro = 2.0 - Remote File Include Vulnerability -------------------------------------------------------- Software: phpListPro Version: =2.00 Type: Remote File Include Vulnerability Date: April, 11th 2006 Vendor: SmartISoft Page: http://smartisoft.com Risc: High Credits:...
Discuss and research the script program to insert the picture-vulnerability warning-the black bar safety net
Now from the injection to get WEBSHELL it seems that success rates are relatively high. Get to a SHELL after the install your own scripts the back door, often by killing. The script the back door of the development history: To 1. The start is placed directly on a ASP file. 2。 The ASP file...
security flaw
optionsidentities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS attacks, and write arbitrary files...
DEBIAN-CVE-2005-2108
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTPRAWPOSTDATA variable, which stores the data in an XML file...
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
!/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML RPC server vulnerabilities I discovered to extract a...
[XSS] paBox 2.0
pabox 2.0 no longer includes the Date and Time parameters in the POST data sent with your shout. The date and time parameters in previous versions were vulnerable to a cross site scripting attack. Now however in version 2.0 if you setup paBox to include an icon with your topic... eg: :winkface:...
Sambar Server 6.0 - 'results.stm' POST Buffer Overflow
source: https://www.securityfocus.com/bid/9607/info A buffer overflow vulnerability has been reported in the Sambar web server. The issue is due to a boundary condition error in the POST data processing of the affected software. Immediate consequences of an attack may result in a denial of servic...
Sambar Server 6.0 - results.stm POST Buffer Overflow
Sambar Server 6.0 - results.stm POST Buffer Overflow source: https://www.securityfocus.com/bid/9607/info A buffer overflow vulnerability has been reported in the Sambar web server. The issue is due to a boundary condition error in the POST data processing of the affected software. Immediate...
Jason Maloney's Guestbook 3.0 - Remote Command Execution
// source: https://www.securityfocus.com/bid/9139/info A vulnerability has been reported in Jason Maloney's Guestbook that could result in remote command execution with the privileges of the web server. The problem occurs due to the application failing to sanitize sensitive script variables after...
Monkey HTTP Daemon 0.40.50.6 - Excessive POST Data Buffer Overflow
Monkey HTTP Daemon 0.40.50.6 - Excessive POST Data Buffer Overflow source: https://www.securityfocus.com/bid/7202/info Monkey HTTP Daemon is prone to a boundary condition error. This condition occurs when the server attempts to handle excessive HTTP POST data. Exploitation could allow a remote...