1166 matches found
CVE-2010-0776
The Web Container in IBM WebSphere Application Server WAS 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request...
CVE-2010-0776
The Web Container in IBM WebSphere Application Server WAS 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request...
BEA Weblogic Transfer-Encoding Buffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'BEA Weblogic...
Cross site scripting
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, ...
Microsoft XML Core Services Remote Code Execution Vulnerability (955218)
This host is missing a critical security update according to Microsoft Bulletin MS08-069. OpenVAS Vulnerability Test $Id: secpodms08-069900058.nasl 5370 2017-02-20 15:24:26Z cfi $ Description: Microsoft XML Core Services Remote Code Execution Vulnerability 955218 Authors: Chandan S Copyright:...
BEA Weblogic Transfer-Encoding Buffer Overflow
This module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. This vulnerability exists in the error reporting for unknown Transfer-Encoding headers. You may have to run this twice due to timing issues with handlers. This module requires Metasploit:...
FreeBSD Ports: apache-tomcat
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
tomcat multiple content-length header poisioning
Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...
Cross site request forgery (csrf)
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a...
Microsoft IE 7 setRequestHeader()函数多个请求拆分/渗透漏洞
BUGTRAQ ID: 28379 Internet Explorer是微软发布的非常流行的WEB浏览器。 IE 7允许通过HTTP请求拆分攻击覆盖Content-Length、Host和Referer等HTTP头,导致HTTP头信息欺骗。 类似于以下javascript: ---------------------------------------------- var x=new XMLHttpRequest; x.open"POST","/"; forf=127;f255;f++ try...
Debian Security Advisory DSA 934-1 (pound)
The remote host is missing an update to pound announced via advisory DSA 934-1. Two vulnerabilities have been discovered in Pound, a reverse proxy and load balancer for HTTP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-1391: Overly long HTTP Host:...
tomcat multiple content-length header poisioning
Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...
CVE-2002-2394
InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding...
CVE-2002-2394
InterScan VirusWall 3.6 for Linux and 3.52 for Windows is affected by a vulnerability that allows remote attackers to bypass antivirus protection and potentially execute arbitrary code through HTTP/1.1 chunked transfer encoding. Affected components: VirusWall on Linux (3.6) and Windows (3.52). Ro...
CVE-2003-1415
NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitive information via an HTTP request with an invalid chunked transfer encoding specification...
CVE-2007-5094
Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line, the string "MIME" by...
IPSwitch IMail Server 8.0x Remote Heap Overflow Exploit
No description provided by source. / by axis 2007-06-05 http://www.ph4nt0m.org Mail-List: http://list.ph4nt0m.org 脪脭脟掳脫脨脮芒啪枚脪禄啪枚imail碌脛exp PRIVATE Remote Exploit For IMAIL Smtp Server1.2 This is For imail 8.01-8.11 version Usage:faint.exe -d host options Options: -d: Hostname to attack Required -...
tomcat multiple content-length header poisioning
Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...
tomcat multiple content-length header poisioning
Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...
tomcat multiple content-length header poisioning
Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...