Lucene search

873 matches found

The Hacker News
added 2012/12/31 5:43 p.m. | 19 views

Google, Paypal, Facebook Internal IP disclosure vulnerability

Do you have any idea about an Internal IP Address or a Private IP Address that too assigned for Multinational Companies? Yeah, today we are gonna discuss about Internal IP or Private IP address Disclosure. Disclosure of an Internal IP like 192.168.. or 172.16.. , can really Impact ? Most security...

AI score: 6.7
Exploits: 0
Tenable Nessus
added 2012/08/01 12:0 a.m. | 45 views

Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64

Several flaws were found in the way in which SeaMonkey processed certain malformed web content. A web page containing malicious content could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. CVE-2007-5338, CVE-2007-5339, CVE-2007-5340 Several flaws wer...

CVSS: 9.3 | AI score: 8.3 | EPSS: 0.12736
Exploits: 5 | References: 10
securityvulns
added 2012/03/19 12:0 a.m. | 59 views

Mobile Mp3 Search Engine HTTP Response Splitting

-=--------------------ADVISORY-------------------=- Mobile Mp3 Search Engine 2.0 Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mobile Mp3 Search Engine -=+ Version: 2.0 -=+ Vendor's URL:...

AI score: 6.4
Exploits: 0
Packet Storm
added 2012/02/24 12:0 a.m. | 29 views

Mobile MP3 Search Engine 2.0 HTTP Response Splitting

-=--------------------ADVISORY-------------------=- Mobile Mp3 Search Engine 2.0 Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mobile Mp3 Search Engine -=+ Version: 2.0 -=+ Vendor's URL:...

AI score: 7.4
Exploits: 0
Tenable Nessus
added 2012/01/10 12:0 a.m. | 28 views

Cisco Web Cache Control Protocol Router Vulnerability

The Web Cache Control Protocol WCCP, available on Cisco devices, does not provide any authentication. A router configured to support Cache Engines will treat any host that sends it valid WCCP hello packets as a cache engine, and may divert HTTP traffic to that host. If a router is configured to u...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.01678
Exploits: 0 | References: 2
myhack58
added 2011/11/23 12:0 a.m. | 16 views

Lenovo based information distribution system the presence of a CRLF injection/HTTP response splitting-vulnerability warning-the black bar safety net

Brief description: It allows a remote attacker to inject custom HTTP headers. The attacker can inject a session cookie or HTML code. This may be the XSS (cross-site scripting) or session fixation vulnerability. Detailed description: URL-encoded input langid set SomeCustomInjectedHeader: the injectedbywv...

AI score: 7
Exploits: 0
Tenable Nessus
added 2011/11/18 12:0 a.m. | 54 views

Oracle 9i Application Server HTTP Request Smuggling

The version of Oracle Application Server installed on the remote host allows attackers to poison the web cache, bypass web application firewall protection, and conduct cross-site scripting attacks via an HTTP request with both a 'Transfer-Encoding: chunked' header and a 'Content-Length' header...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.04945
Exploits: 1 | References: 2
Tenable Nessus
added 2011/11/18 12:0 a.m. | 135 views

Apache Tomcat < 6.0.13 Multiple Vulnerabilities

According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 6.0.13. It is, therefore, affected by the following vulnerabilities : - Requests containing multiple 'content-length' headers are not rejected as invalid. This error can allow...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.58246
Exploits: 6 | References: 3
Tenable Nessus
added 2011/11/18 12:0 a.m. | 54 views

Apache Tomcat 4.x < 4.1.36 Multiple Vulnerabilities

According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.36. It is, therefore, affected by the following vulnerabilities : - Requests containing multiple 'content-length' headers are not rejected as invalid. This error can allow...

CVSS: 5 | AI score: 5.3 | EPSS: 0.90768
Exploits: 5 | References: 4
Tenable Nessus
added 2011/11/18 12:0 a.m. | 181 views

Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.23 Content-Length HTTP Request Smuggling

According to its self-reported version number, the instance of Apache Tomcat listening on the remote host is 5.0.x equal to or prior to 5.0.30 or 5.5.x prior to 5.5.23. It is, therefore, affected by an HTTP request smuggling vulnerability. Requests containing multiple 'content-length' headers are...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.29784
Exploits: 4 | References: 4
OpenVAS
added 2011/02/08 12:0 a.m. | 18 views

N-13 News Cross-Site Request Forgery Vulnerability

This host is running N-13 News and is prone to Cross-Site Request Forgery vulnerability. OpenVAS Vulnerability Test $Id: gbn13newscsrfvuln.nasl 7015 2017-08-28 11:51:24Z teissa $ N-13 News Cross-Site Request Forgery Vulnerability Authors: Madhuri D Copyright: Copyright c 2011 Greenbone Networks...

CVSS: 4.3 | AI score: 0.5 | EPSS: 0.00863
Exploits: 1 | References: 3
OpenVAS
added 2011/02/08 12:0 a.m. | 13 views

N-13 News CSRF Vulnerability

N-13 News is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00863
Exploits: 1 | References: 3
0day.today
added 2010/11/01 12:0 a.m. | 28 views

Joovili 3.1.8 CRLF injection/HTTP response splitting Vulnerability

Exploit for php platform in category web applications ================================================================== Joovili 3.1.8 CRLF injection/HTTP response splitting Vulnerability ==================================================================...

AI score: 7.1
Exploits: 0
Check Point Advisories
added 2010/03/31 12:0 a.m. | 4 views

Oracle Application Server 9i Webcache File Corruption (CVE-2005-1382)

Oracle Application Server Web Cache is a Web portal acceleration software provided by Oracle. It can cache both static and dynamic content and improve scalability and availability of Oracle applications accessed through HTTP. There exists a vulnerability in the way the Oracle Application Server...

CVSS: 5 | AI score: 6.5 | EPSS: 0.07013
Exploits: 1
Check Point Advisories
added 2009/11/22 12:0 a.m. | 3 views

Oracle HTTP Server mod_access Restriction Bypass (CVE-2005-1383)

The Oracle HTTP Server (OHS) is bundled with recent Oracle Database Server releases 8.1.7 and above, 9i and 10g. The OHS is provided to enable the distribution of applications over the web. The OHS is derivative of the Apache HTTP server project, and enhanced with a set of Oracle extensions. There...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.30612
Exploits: 1
seebug.org
added 2009/08/21 12:0 a.m. | 35 views

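Squid External Authentication Header Parser Denial of Service Vulnerability

CVECAN ID: CVE-2009-2855 Squid is an efficient web caching and proxy program, originally developed for Unix platforms and now ported to Linux and most Unix-like systems; the latest Squid can also run on Windows. A denial-of-service vulnerability exists in the strListGetItem function in Squid's src/HttpHeaderTools.c file. If a remote attacker sends the server a crafted authentication header containing certain comma delimiters, an infinite loop can be triggered in the strcspn function, causing the service to crash. Squid Web Proxy Cache 2.7 Vendor patch: Squid -----...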

CVSS: 5 | AI score: 6.2 | EPSS: 0.36732
Exploits: 1
OpenVAS
added 2008/09/24 12:0 a.m. | 22 views

Gentoo Security Advisory GLSA 200502-04 (squid)

The remote host is missing updates announced in advisory GLSA 200502-04. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.50775
Exploits: 0 | References: 5
OpenVAS
added 2008/09/04 12:0 a.m. | 31 views

FreeBSD Ports: apache-tomcat

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS: 5 | AI score: 4 | EPSS: 0.90768
Exploits: 5 | References: 1
RedHat Linux
added 2007/11/26 1:56 p.m. | 96 views

Moderate: Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server

Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. ...

CVSS: 5 | AI score: 5.7 | EPSS: 0.90768
Exploits: 17 | References: 9
Cvelist
added 2007/10/29 7:0 p.m. | 24 views

CVE-2002-2345

Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access...

AI score: 9.4 | EPSS: 0.01398
Exploits: 0 | References: 3