itBit Exchange: ITBit Vulnerable to SSLSTrip

www.itbit.com details: High Level, description It is possible for a malicious user to capture credential information of a www.itbit.com user with the use of SSLStrip. The scenario is that if a user is in a internet cafe and browses the internet while a malicious user intercepts his traffic, the w...

DEBIAN-CVE-2014-3581

The cachemergeheadersout function in modules/cache/cacheutil.c in the modcache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty HTTP Content-Type header...

From the parsing perspective analysis of the Shellshock Vulnerability[CVE-2 0 1 4-6 2 7 1]-vulnerability warning-the black bar safety net

Author: yaoxi Documentation This time, we combined The poc analysis to know about the Bash syntax rules, from another angle to help everyone better understand the bash and the shellshock vulnerability. Vulnerability description CVE-2 0 1 4-6 2 7 1 vulnerability is Stéphane Hassles France found th...

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

DEBIAN-CVE-2014-0117

The modproxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service child-process crash via a crafted HTTP Connection header...

DEBIAN-CVE-2013-4352

The cacheinvalidate function in modules/cache/cachestorage.c in the modcache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service NULL pointer dereference and daemon crash via vectors that trigger a missing hostna...

UBUNTU-CVE-2014-0117

The modproxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service child-process crash via a crafted HTTP Connection header...

Netsparker v3.5 - Web Application Security Scanner

Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting XSS and security issues on all web applications and websites regardless of the platform and the technology they are built on. Netsparker is very easy to u...

httpd: mod_log_config does not properly handle logging certain cookies resulting in DoS

The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service segmentation fault and daemon crash via a crafted cookie that is not properly handled during truncation...

hustoj (fckeditor) Remote Arbitrary File Upload Exploit

No description provided by source. ?php / ----------------------------------------------------------------- hustoj fckeditor Remote Arbitrary File Upload Exploit ----------------------------------------------------------------- Hustoj is HUST ACM OnlineJudge with GNU/GPL v2 License Download :...

Camiro-CMS_beta-0.1 (fckeditor) Remote Arbitrary File Upload Exploit

No description provided by source. ?php / ----------------------------------------------------------------- Camiro-CMSbeta-0.1 fckeditor Remote Arbitrary File Upload Exploit ----------------------------------------------------------------- Download :...

PolyPager 1.0rc10 (fckeditor) Remote Arbitrary File Upload Vulnerability

No description provided by source. ?php / 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ 0 0 \ \ /\ /\ \ \ \ /\ \ \ /\ /\ \ \ \ \ \ \ / 1 1 \ \ \ \\ \ ...

Microsoft Internet Explorer 5.5/6.0 Spoofable File Extensions Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3597/info It is possible for a malicious webmaster, hosting files on an website, to spoof file extensions for users of Internet Explorer. For example, an .exe file can be made to look like a .txt or other seemingly harmle...

Site@School <= 2.4.10 (fckeditor) Session Hijacking / File Upload Exploit

No description provided by source. ?php / ------------------------------------------------------------------------- Site@School = 2.4.10 fckeditor Session Hijacking / File Upload Exploit ------------------------------------------------------------------------- author...: EgiX mail.....:...

In-portal 5.0.3 - Remote Arbitrary File Upload Exploit

No description provided by source. ?php / ----------------------------------------------------------------- In-portal 5.0.3 Remote Arbitrary File Upload Exploit ----------------------------------------------------------------- 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-...

Apache 1.3.x mod_include Local Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11471/info The problem presents itself when the affected module attempts to parse modinclude-specific tag values. A failure to properly validate the lengths of user-supplied tag strings before copying them into finite...

SmodCMS 4.07 (fckeditor) - Remote Arbitrary File Upload Exploit

No description provided by source. ?php / ----------------------------------------------------------------- SmodCMS v.4.07 fckeditor Remote Arbitrary File Upload Exploit -----------------------------------------------------------------...

phpDEV5 - System-Call Local Denial of Service Exploit

No description provided by source. ------------------------------------------------------------------------ PHPDev5 == Apache Server Local Denial-of-Service PoC By : Ali7 e-mail : [email protected] date : 16-03-2k5 greetz : our group :P Target : PHPDev 5 URL : www.firepages.com.au -...

Portaneo Portal 2.2.3 - Remote Arbitrary File Upload Exploit

No description provided by source. ?php / 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ 0 0 \ \ /\ /\ \ \ \ /\ \ \ /\ /\ \ \ \ \ \ \ / 1 1 \ \ \ \\ \ ...

Apple QuickTime 5.0 Content-Type Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4064/info Apple QuickTime is a freely available media player. It runs on a number of platforms including MacOS and Windows 9x/ME/NT/2000/XP operating systems. Apple QuickTime For Windows does not perform sufficient bounds...