2483 matches found

seebug.org
added 2014/07/01 12:00 a.m. | 28 views

Cogent DataHub HTTP Server Buffer Overflow

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

AI score: 6.7
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 23 views

azuresites cms Multiple Vulnerabilities

No description provided by source. AzureSites CMS - Multiple Vulnerabilities Vulnerabilities discovered by: LidlosesAuge Greetz to: -=Player=- , Suicide, g4ms3, enco, GPM, Free-Hack, Ciphercrew, h4ck-y0u Date: 26.05.2008 Vulnerabilities: 1. SQL Injection 1.1...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 18 views

Icecast (<= 2.0.1) Header Overwrite (win32)

No description provided by source. $Id: icecastheader.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 16 views

Cyclope Employee Surveillance Solution 6.0 6.1.0 6.2.0 - Multiple Vulnerabilities

No description provided by source. Author: loneferret of Offensive Security Product: Cyclope Employee Surveillance Solution v6.0 Version: 6.1.0 & 6.2.0 Vendor Site: http://www.cyclope-series.com/ Software Download: http://www.cyclope-series.com/download/index.html Software description: The employ...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 20 views

PHP <= 4.4.4 unserialize() ZVAL Reference Counter Overflow Exploit PoC

No description provided by source. <?php // Proof of concept code from the Hardened-PHP...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 23 views

DotDefender <= 3.8-5 No Authentication Remote Code Execution Through XSS

No description provided by source. DotDefender <= 3.8-5 No Authentication Remote Code Execution Through XSS Tested on DotDefender 3.8-5 On Ubuntu Server 9.10 64-bit with Firefox 3.6.3 Paul Hand aka rAWjAW AT offsec.com Original Post-Authentication Remote Command Execution Vulnerability:...

AI score: 7.1
Exploits: 0

NVD
added 2014/06/18 4:55 p.m. | 21 views

CVE-2014-3012

Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs...

CVSS: 3.5 | AI score: 6.6 | EPSS: 0.00951
Exploits: 0 | References: 3

CVE
added 2014/06/18 4:00 p.m. | 42 views

CVE-2014-3012

CVE-2014-3012 affects IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4. The vulnerability is a CRLF injection allowing remote authenticated users to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified parameters to custom JSPs. Root cause is improper handl...

CVSS: 3.5 | AI score: 6.8 | EPSS: 0.00951
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2014/06/18 4:00 p.m. | 18 views

CVE-2014-3012

Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs...

AI score: 6.6 | EPSS: 0.00951
Exploits: 0 | References: 3

UbuntuCve
added 2014/06/04 2:55 p.m. | 28 views

CVE-2012-5057

CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter...

CVSS: 4.3 | AI score: 6 | EPSS: 0.01022
Exploits: 0 | References: 2

Prion
added 2014/06/04 2:55 p.m. | 15 views

Crlf injection

CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter...

CVSS: 4.3 | AI score: 7.4 | EPSS: 0.01022
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2014/06/04 2:00 p.m. | 59 views

CVE-2012-5057

CVE-2012-5057 describes a CRLF injection vulnerability in ownCloud Server

CVSS: 4.3 | AI score: 7.1 | EPSS: 0.01022
Exploits: 0 | References: 1 | Affected Software: 2

Prion
added 2014/05/30 2:55 p.m. | 20 views

Crlf injection

CRLF injection vulnerability in the cookie method lib/Dancer/Cookie.pm in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526...

CVSS: 5 | AI score: 6.9 | EPSS: 0.03261
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2014/05/30 2:00 p.m. | 27 views

CVE-2012-5572

CRLF injection vulnerability in the cookie method lib/Dancer/Cookie.pm in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526...

AI score: 6.6 | EPSS: 0.01497
Exploits: 0 | References: 6

securityvulns
added 2014/05/29 12:00 a.m. | 51 views

iTunes security vulnerabilities

Invalid HTTP headers processing, weak permissions...

CVSS: 4.4 | AI score: 1.1 | EPSS: 0.0188
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2014/05/26 11:14 a.m. | 14 views

CVE-2012-3333

CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.01803
Exploits: 0 | References: 3

Prion
added 2014/05/26 11:14 a.m. | 12 views

Crlf injection

CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.01803
Exploits: 0 | References: 3 | Affected Software: 2

Hacker One
added 2014/05/25 4:42 p.m. | 13 views

Khan Academy: CRLF Injection

It is possible for a remote attacker to inject custom HTTP headers. For example, an attacker can inject session cookies or HTML code. This may lead to vulnerabilities like XSS (cross-site scripting) or session fixation. PoC...

AI score: 1.9
Exploits: 0

Packet Storm
added 2014/05/24 12:00 a.m. | 30 views

PHP-Nuke 8.3 News SQL Injection

title : phpnuke 8.3 sql injection vulnerability Exploit Title: phpnuke 8.3 submit news module sql injection vulnerability Google Dork: inurl:modules.php?name=SubmitNews Date: 5/24/2014 Exploit Author: ali ahmady -- Iranian Researcher snip3rirathotmail.com Vendor Homepage: phpnuke.org Software Lin...

Exploits: 0

UbuntuCve
added 2014/05/14 12:00 a.m. | 30 views

CVE-2014-1418

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers...

CVSS: 6.4 | AI score: 6 | EPSS: 0.02546
Exploits: 0 | References: 4