2483 matches found

FreeBSD
added 2014/07/19 12:00 a.m. | 54 views

apache22 -- several vulnerabilities

Apache HTTP Server Project reports: mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of service via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,...

6.1 AI score
Exploits: 0

Zero Day Initiative
added 2014/07/18 12:00 a.m. | 50 views

Apache HTTP Server mod_proxy Denial Of Service Vulnerability

This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of Apache HTTP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mod_proxy module. The issue lies in the processing of HTTP headers...

7.8 CVSS | 6.7 AI score | 0.35543 EPSS
Exploits: 2 | References: 1

NVD
added 2014/07/16 2:19 p.m. | 18 views

CVE-2014-3427

CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet...

5 CVSS | 7 AI score | 0.05197 EPSS
Exploits: 2 | References: 3

Prion
added 2014/07/16 2:19 p.m. | 14 views

CRLF injection

CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet...

5 CVSS | 7.5 AI score | 0.05197 EPSS
Exploits: 2 | References: 3 | Affected Software: 1

Cvelist
added 2014/07/16 2:00 p.m. | 32 views

CVE-2014-3427

CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet...

7 AI score | 0.05197 EPSS
Exploits: 2 | References: 3

CVE
added 2014/07/16 2:00 p.m. | 51 views

CVE-2014-3427

CVE-2014-3427 affects Yealink VoIP Phones (validated on firmware 28.72.0.2) and arises from CRLF injection in the servlet handling the model parameter, enabling remote header injection and HTTP response splitting. Impact, as stated: arbitrary HTTP headers can be injected via the model parameter t...

5 CVSS | 7.2 AI score | 0.05197 EPSS
Exploits: 2 | References: 3 | Affected Software: 1

OpenVAS
added 2014/07/03 12:00 a.m. | 27 views

ownCloud Multiple Vulnerabilities-01 (Jul 2014)

ownCloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; if description...

4.3 CVSS | 6.4 AI score | 0.01022 EPSS
Exploits: 0 | References: 5

seebug.org
added 2014/07/01 12:00 a.m. | 16 views

Cyclope Employee Surveillance Solution 6.0 6.1.0 6.2.0 - Multiple Vulnerabilities

No description provided by source. Author: loneferret of Offensive Security Product: Cyclope Employee Surveillance Solution v6.0 Version: 6.1.0 & 6.2.0 Vendor Site: http://www.cyclope-series.com/ Software Download: http://www.cyclope-series.com/download/index.html Software description: The employ...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 15 views

CSO Lanifex Outreach Project Tool 0.946 b Request Origin Spoofing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6630/info It has been reported that OPT accepts the values supplied by users in HTTP headers as the originating IP address of a request. It is possible for a remote host to supply a fake IP address in one of thes...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 21 views

MyBB (editpost.php, posthash) - SQL Injection Vulnerability

No description provided by source. MyBB 1.6.9 is vulnerable to Stored, Error based, SQL Injection. Vulnerable code: /editpost.php === Line 398 === $posthashquery = posthash='$posthash' OR ; === It can be done by using Tamper Data or Live HTTP Headers, and when submitting a post, edit the 'posthash...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 11 views

Abyss Web Server 1.1.2 Incomplete HTTP Request Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7287/info A denial of service vulnerability has been reported for Abyss Web Server. The vulnerability exists when Abyss attempts to parse certain incomplete HTTP headers. GET / HTTP/1.0 Connection: GET / HTTP/1.0 Range:...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 16 views

Free Image Hosting Script Arbitrary File Upload Vulnerability

No description provided by source. Free Image Hosting Script Remote File Upload Vulnerability Exploit Title: Free Image Hosting Script ALL VERSIONS Remote File Upload Vulnerability Date: 26/12/11 Author:...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 26 views

atutor 2.0.2 - Multiple Vulnerabilities

No description provided by source. ATutor 2.0.2 Multiple Remote Vulnerabilities SQLi/XSS/PD Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 2.0.2 build r10589 Summary: ATutor is an Open Source Web-based Learning Content Management System (LCMS)...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 9 views

MyBB DyMy User Agent Plugin (newreply.php) - SQL Injection Vulnerability

No description provided by source. Exploit title : MyBB DyMy User Agent Plugin SQL injection vulnerability. Author: JoinSe7en Date : 13 Dec 2012 Tested on : Linux Category : Web Applications Software Link : http://mods.mybb.com/view/dymy-user-agent PoC receive admin username We fire up HTTP Live...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 25 views

Jason Maloney's Guestbook 3.0 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9139/info A vulnerability has been reported in Jason Maloney's Guestbook that could result in remote command execution with the privileges of the web server. The problem occurs due to the application failing to sanitize...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 22 views

11in1 CMS 1.0.1 (do.php) - CRLF Injection Vulnerability

No description provided by source. 11in1 CMS v1.0.1 do.php CRLF Injection Vulnerability Vendor: 11in1 Product web page: http://www.11in1.org Affected version: 1.0.1 Summary: Eleven in One is an open-source content management system (CMS) that is powered by PHP and MySQL. It does not only help you...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 20 views

Rash CMS SQL Injection Vulnerability

No description provided by source. Rash CMS SQL Injection Vulnerability InformatioN Title : Rash CMS SQL Injection Vulnerability Author : keracker Vendor or Software Link : http://rashcms.com Email :...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 28 views

Cogent DataHub HTTP Server Buffer Overflow

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

6.7 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 23 views

azuresites cms Multiple Vulnerabilities

No description provided by source. AzureSites CMS - Multiple Vulnerabilities Vulnerabilities discovered by: LidlosesAuge Greetz to: -=Player=- , Suicide, g4ms3, enco, GPM, Free-Hack, Ciphercrew, h4ck-y0u Date: 26.05.2008 Vulnerabilities: 1. SQL Injection 1.1...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 23 views

DotDefender <= 3.8-5 No Authentication Remote Code Execution Through XSS

No description provided by source. DotDefender <= 3.8-5 No Authentication Remote Code Execution Through XSS Tested on DotDefender 3.8-5 On Ubuntu Server 9.10 64-bit with Firefox 3.6.3 Paul Hand aka rAWjAW AT offsec.com Original Post-Authentication Remote Command Execution Vulnerability:...

7.1 AI score
Exploits: 0