109 matches found
Scotty traceless analysis of the hackers to avoid detection of the means-vulnerability warning-the black bar safety net
Hacker's clever is not just that they know how to invadeServer, but also that they know how to disguise their attacks. Malicious attackers will use a variety of escape means to allow yourself to not be detected, so as system administrator, should also be aware of these means to cope with the...
CVE-2007-6405
Sergey Lyubka Simple HTTPD shttpd 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended 1 '+' character, 2 '.' character, 3 %2e sequence hex-encoded dot, or 4 hex-encoded character greater than 0x7f. NOTE: the %20 vector is...
DEBIAN-CVE-2007-5977
Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...
CVE-2007-5977
Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...
CVE-2007-5977
Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...
CVE-2002-2409
Photon microGUI in QNX Neutrino realtime operating system RTOS 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID...
CVE-2003-1427
Affected product: Netgear FM114P (firmware 1.4) web configuration interface. Vulnerability: Directory traversal via a hex-encoded (../../ )../ in the port parameter, allowing remote attackers to read arbitrary files (e.g., netgear.cfg). Root cause: Insufficient validation of the port parameter en...
CVE-2007-3701
TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' slash character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack...
Code injection
TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' slash character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack...
CVE-2007-3701
TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' slash character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack...
CVE-2006-3929
Cross-site scripting XSS vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40PT.0b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter...
Crlf injection
CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter...
CVE-2006-1714
CVE-2006-1714 is a CRLF injection vulnerability in the phpMyForum 4.0 index.php file. The issue allows remote attackers to inject HTTP headers by sending hex-encoded CRLF sequences through the type parameter, enabling header manipulation. The affected component is the index.php handler of Christo...
CVE-2006-1714
CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter...
CVE-2005-4255
Cross-site scripting XSS vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter...
CVE-2005-4255
Cross-site scripting XSS vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter...
CVE-2005-3894
Multiple cross-site scripting XSS vulnerabilities in index.pl in Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via 1 hex-encoded values in the QueueID parameter and 2 Action parameters...
CVE-2005-3869
Cross-site scripting XSS vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter...
CVE-2005-3850
Cross-site scripting XSS vulnerability in search.asp in Online Knowledge Base System OKBSYS Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter...
CVE-2005-3484
Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions such as ZIP, AVI, JPG, TXT, and HTML via ".." and hex-encoded 1 slash "/" "%2f" or 2 backslash "" "%5c" sequences...