56 matches found
Note feather wallpaper - Base64 encoded String, Base64 encoded URLs, Corrupted files vulnerabilities
HackApp vulnerability scanner discovered that application Note feather wallpaper published at the 'play' market has multiple vulnerabilities...
CVE-2013-1857
The sanitize helper in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : colon characters in URLs, which makes it easier for remote...
Mandriva Update for curl MDVSA-2012:058 (curl)
Check for the Version of curl OpenVAS Vulnerability Test Mandriva Update for curl MDVSA-2012:058 curl Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
CVE-2010-2375: WebLogic Plugin HTTP Injection via Encoded URLs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs Release Date: 2010-07-13 Application: WebLogic Plugin...
WebLogic Plugin HTTP Injection Via Encoded URLs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs Release Date: 2010-07-13 Application: WebLogic Plugin...
CVE-2008-2168
CVE-2008-2168 : The linked SUSE/NVD entries describe a cross-site scripting (XSS) vulnerability in Apache HTTP Server up to version 2.2.6 and earlier, exploitable via UTF-7 encoded URLs that are mishandled when rendering the 403 Forbidden error page. Attacker-provided URL input can inject arbitra...
CVE-2008-2168
Cross-site scripting XSS vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page...
GLSA-200604-01 : MediaWiki: XSS vulnerability
The remote host is affected by the vulnerability described in GLSA-200604-01 MediaWiki: XSS vulnerability MediaWiki fails to decode certain encoded URLs correctly. Impact : By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or...
CVE-2002-1599
Removed by vendor...
CVE-2005-0290
NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension...
DansGuardian content filtering proxy fails to adequately validate user input thereby allowing user to access restricted site via hex encoded URLs
Overview DansGuardian does not properly filter Description DansGuardian is an HTTP proxy server based on Squid and enhanced to filter web content. DansGuardian does not properly process URLs that contain certain unspecified hexadecimal encodings, resulting in incomplete filtering of HTTP response...
CVE-2002-1599
DansGuardian before 2.4.5-1 allows remote attackers to bypass content filtering rules via hex-encoded URLs...
CVE-2001-0530
Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters...
CVE-2001-0784
CVE-2001-0784 refers to a directory traversal flaw in Icecast 1.3.10 and earlier. The OpenVAS/Nessus-derived data confirms that an attacker can use specially crafted URLs to read arbitrary files on the affected system due to insufficient input sanitization. The vulnerability affects Icecast’s web...
CVE-2001-0530
Spearhead NetGAP 200 and 300 before build 78 are affected by a remote exploit that bypasses file blocking and content inspection via specially encoded URLs containing '%' characters. Impact is partial confidentiality according to CVSS v2. No explicit remediation is provided in the available docum...
CVE-2000-0787
IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser...