CVE-2006-1061

Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL tftp:// with a valid hostname and a long path...

LinkSys EtherFast Router Denial of Service Attack

The remote host seems to be a Linksys EtherFast Cable Firewall/Router. This product is vulnerable to a remote Denial of service attack : if logging is enabled, an attacker can specify a long URL which results in the router becoming unresponsive. SPDX-FileCopyrightText: 2003 Matt North Some text...

Messagerie 1.0 - Arbitrary User Removal Denial of Service

source: https://www.securityfocus.com/bid/4635/info Messagerie is a web message board application maintained by La Basse. An issue has been discovered in Messagerie, which could allow an attacker to delete arbitrary user accounts. Reportedly, submitting a specially crafted URL will successfully...

Web Server 4D/eCommerce 3.5.3 DoS Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Web Server 4D/eCommerce 3.5.3 DoS Vulnerability Type: DoS, crashes Daemon Release Date: December 15, 2002 Product / Vendor: Web Server 4D/eCommerce is a single application that includes a shopping cart, credit card authorization, and order tracking - ...

IBM HTTP Server on AS/400 Trailing Slash Source Code Disclosure

IBM's HTTP Server on the AS/400 platform is vulnerable to an attack that will show the source code of the page -- such as a .html or .jsp page -- by attaching an '/' to the end of a URL. %NASLMINLEVEL 70300 This script was written by Felix Huber Script audit and contributions from Carmichael...

CVE-2001-0146

IIS 5.0 and Exchange 2000 are vulnerable to a DoS via repeated malformed URLs that trigger a memory allocation error, disrupting IIS (and web-based mail on Exchange). The CERT/MS MS01-014 patch (and MS01-044 for IIS-only scenarios) are the remediation paths described; no exploitation details are ...

SilverPlatter WebSPIRS 3.3.1 - File Disclosure

source: https://www.securityfocus.com/bid/2362/info A remote user could gain read access to known files outside of the root directory where SilverPlatter WebSPIRS resides. Requesting a specially crafted URL composed of '../' sequences along with the known filename will disclose the requested file...

CVE-2000-0664

CVE-2000-0664 affects AnalogX SimpleServer:WWW 1.06 and earlier. A remote attacker can read arbitrary files via a modified dot-dot traversal using %2E URL encoding for the dots in requests to the server. The vulnerability is documented in multiple sources (NVD/CVE records, Nessus plugin) with rem...

Переполнение буфера в Real Player 6/7

Переполнение буфера при указании в качестве источника URL свыше 299 символов. Это может быть использовано при атаке через браузер с помощью тага EMBED...

Microsoft IIS 4.0 - UNC Mapped Virtual Host

MS Commercial Internet System 2.0/2.5,IIS 4.0,Proxy Server 2.0,Site Server Commerce Edition 3.0 UNC Mapped Virtual Host Vulnerability source: https://www.securityfocus.com/bid/1081/info If a virtual host root is mapped to a UNC share, a backward slash "" appended to an ASP or HTR extension in a...

CVE-2000-0146

The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet...

CVE-1999-0222

Denial of service in Cisco IOS web server allows attackers to reboot the router using a long URL...

Microsoft IIS 2.0/3.0 - Long URL Denial of Service

// source: https://www.securityfocus.com/bid/2654/info Microsoft Internet Information Server is vulnerable to a denial of service. This particular denial of service affects versions 2.0, 3.0 and 4.0 of the server prior to service pack 4. The URL which causes this issue is of the format...