apache22 -- several vulnerabilities
Apache HTTP Server Project reports: mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of service via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,...
Apache HTTP Server mod_proxy Denial Of Service Vulnerability
This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of Apache HTTP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mod_proxy module. The issue lies in the processing of HTTP headers...
CVE-2014-3427
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet...
CRLF injection
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet...
CVE-2014-3427
CVE-2014-3427 affects Yealink VoIP Phones (validated on firmware 28.72.0.2) and arises from CRLF injection in the servlet handling the model parameter, enabling remote header injection and HTTP response splitting. Impact, as stated: arbitrary HTTP headers can be injected via the model parameter t...
ownCloud Multiple Vulnerabilities-01 (Jul 2014)
ownCloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:owncloud:owncloud"; if description...
Microsoft Internet Explorer 5.0.1/6.0 Content-Disposition Handling File Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4752/info An issue exists in the way Microsoft Internet Explorer handles conflicting information in some HTTP headers used to describe non-HTML content. A malicious web server may provide content with misleading values in...
CSO Lanifex Outreach Project Tool 0.946 b Request Origin Spoofing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6630/info It has been reported that OPT accepts the values supplied by users in HTTP headers as the originating IP address of a request. It is possible for a remote host to supply a fake IP address in one of thes...
MyBB (editpost.php, posthash) - SQL Injection Vulnerability
No description provided by source. MyBB 1.6.9 is vulnerable to Stored, Error based, SQL Injection. Vulnerable code: /editpost.php === Line 398 === $posthash_query = "posthash='$posthash' OR "; === It can be done by using Tamper Data or Live HTTP Headers, and when submitting a post, edit the 'posthash...
Abyss Web Server 1.1.2 Incomplete HTTP Request Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7287/info A denial of service vulnerability has been reported for Abyss Web Server. The vulnerability exists when Abyss attempts to parse certain incomplete HTTP headers. GET / HTTP/1.0 Connection: GET / HTTP/1.0 Range:...
DotDefender <= 3.8-5 No Authentication Remote Code Execution Through XSS
No description provided by source. DotDefender <= 3.8-5 No Authentication Remote Code Execution Through XSS. Tested on DotDefender 3.8-5 on Ubuntu Server 9.10 64-bit with Firefox 3.6.3. Paul Hand aka rAWjAW AT offsec.com. Original Post-Authentication Remote Command Execution Vulnerability:...
Free Image Hosting Script Arbitrary File Upload Vulnerability
No description provided by source. Free Image Hosting Script Remote File Upload Vulnerability. Exploit Title: Free Image Hosting Script ALL VERSIONS Remote File Upload Vulnerability. Date: 26/12/11. Author:...
atutor 2.0.2 - Multiple Vulnerabilities
No description provided by source. ATutor 2.0.2 Multiple Remote Vulnerabilities SQLi/XSS/PD Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 2.0.2 build r10589 Summary: ATutor is an Open Source Web-based Learning Content Management System LCMS...
MangosWeb SQL Injection Vulnerability
No description provided by source. EXPLOIT TITLE: MangosWeb SQL Vulnerability DATE: 1/7/2012 BY Hood3dRob1n AFFECTED PRODUCTS: MangosWeb Enhanced Version 3.0.3 SW LINK: http://code.google.com/p/mwenhanced/ CATEGORY: WebApp 0day DORK: intext:MangosWeb ENhanced Version 3.0.3 @2009-2011, KeysWow Dev...
Lynx 2.8.x Command Line URL CRLF Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5499/info A CRLF injection vulnerability has been reported for Lynx that may allow an attacker to include extra HTTP headers when viewing web pages. If Lynx is called from the command line, carriage return and line feed...
MyBB DyMy User Agent Plugin (newreply.php) - SQL Injection Vulnerability
No description provided by source. Exploit title : MyBB DyMy User Agent Plugin SQL injection vulnerability. Author: JoinSe7en Date : 13 Dec 2012 Tested on : Linux Category : Web Applications Software Link : http://mods.mybb.com/view/dymy-user-agent PoC receive admin username We fire up HTTP Live...
Image Store Remote file Upload Vulnerability
No description provided by source. Image Store Remote file Upload Vulnerability...
Jason Maloney's Guestbook 3.0 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9139/info A vulnerability has been reported in Jason Maloney's Guestbook that could result in remote command execution with the privileges of the web server. The problem occurs due to the application failing to sanitize...
11in1 CMS 1.0.1 (do.php) - CRLF Injection Vulnerability
No description provided by source. 11in1 CMS v1.0.1 do.php CRLF Injection Vulnerability Vendor: 11in1 Product web page: http://www.11in1.org Affected version: 1.0.1 Summary: Eleven in One is an open-source content management system CMS that is powered by PHP and MySQL. It does not only help you...