31 matches found
Mandriva Linux Security Advisory : curl (MDVSA-2013:180)
A vulnerability has been discovered and corrected in curl : libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curleasyunescape decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations...
Updated curl packages fix CVE-2013-2174
libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curleasyunescape decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal number. The decoded strin...
cURL library -- heap corruption in curl_easy_unescape
cURL developers report: libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curleasyunescape decodes URL-encoded strings to raw binary data. URL-encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal...
DEBIAN-CVE-2007-3946
modauth httpauth.c in lighttpd before 1.4.16 allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving 1 a memory leak, 2 use of md5-sess without a cnonce, 3 base64 encoded strings, and 4 trailing whitespace in the Auth-Digest header...
CVE-2007-3946
modauth httpauth.c in lighttpd before 1.4.16 allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving 1 a memory leak, 2 use of md5-sess without a cnonce, 3 base64 encoded strings, and 4 trailing whitespace in the Auth-Digest header...
CVE-2006-6600
Cross-site scripting XSS vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609...
CVE-2006-6600
Cross-site scripting XSS vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609...
CVE-2006-6600
CVE-2006-6600 describes a Cross-site Scripting (XSS) vulnerability in TorrentFlux 2.2, specifically in dir.php, where remote attackers can inject arbitrary web script or HTML through double URL-encoded strings in the dir parameter. This is linked to CVE-2006-5609. The provided sources confirm the...
USN-288-1: PostgreSQL server/client vulnerabilities
CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data. If a client application processed untrusted input without respecting its encoding and applied standard string escaping techniques such as replacing a single quote '''''''...
Zeus Web Server 3.x - Null Terminated Strings
Zeus Web Server 3.x - Null Terminated Strings source: https://www.securityfocus.com/bid/977/info Appending "%00" to the end of a CGI script filename will permit a remote client to view full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. Scripts located in...
altavista.txt
hola, more bugs in the AV-Search thing .. using uri-encoded strings it is possible to view "any" file on the system .. examples: unixxxsss ... http://server:port/cgi-bin/query?mss=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/etc/passwd or on an micro$oft IIS...