390 matches found
CVE-2009-0802
Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...
CVE-2009-0803
SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and...
CVE-2009-0804
Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...
CVE-2009-0801
CVE-2009-0801 affects Squid when transparent interception is enabled. The vulnerability arises because the HTTP Host header is used to identify the remote endpoint, allowing an attacker to bypass access controls for Flash/Java/Silverlight and potentially reach restricted intranet sites via a craf...
CVE-2009-0804
Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...
CVE-2009-0803
CVE-2009-0803 affects SmoothWall SmoothGuardian (used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008). In transparent interception mode, the product uses the HTTP Host header to determine the remote endpoint, allowing a crafted page to cause a client to send HTTP requests with a...
CVE-2009-0801
Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a...
Design/Logic Flaw
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header...
CVE-2008-6171
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header...
CVE-2008-6171
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header...
CVE-2008-6171
CVE-2008-6171 affects Drupal 5.x before 5.12 and 6.x before 6.6. When a server is configured for IP-based virtual hosts, the application may include and execute arbitrary files via the HTTP Host header, enabling remote code execution. The underlying issue is an insecure file inclusion triggered b...
CUPS < 1.3.10 Multiple Overflows
Binary data 4771.prm...
CVE-2008-3494
8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header...
Design/Logic Flaw
8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header...
CVE-2008-3494
8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header...
Tivoli Storage Manager CAD Host header buffer overflow
Added: 10/26/2007 CVE: CVE-2007-4880 BID: 25743 OSVDB: 38161 Background IBM Tivoli Storage Manager TSM provides centralized management for automated backup and restoration operations. It runs a Client Acceptor Daemon CAD on port 1581/TCP. Problem A buffer overflow vulnerability in Tivoli Storage...
Tivoli Storage Manager CAD Host header buffer overflow
Added: 10/26/2007 CVE: CVE-2007-4880 BID: 25743 OSVDB: 38161 Background IBM Tivoli Storage Manager TSM provides centralized management for automated backup and restoration operations. It runs a Client Acceptor Daemon CAD on port 1581/TCP. Problem A buffer overflow vulnerability in Tivoli Storage...
Novell eDirectory 8.x - iMonitor HTTPSTK Buffer Overflow (3)
source: https://www.securityfocus.com/bid/20655/info The Novell eDirectory server iMonitor is prone to a stack-based buffer-overflow vulnerability because it fails to perform sufficient bounds checking on client-supplied data before copying it to a buffer. An attacker could leverage this issue to...
Lexmark T522 buffer overflow
Buffer overflow on oversized HTTP Host: header...
CVE-2003-1039
Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to 1 Message Server, 2 Web Dispatcher, or 3 Application Server...