484 matches found
ntopng 1.2.0 Cross Site Scripting
ntopng 1.2.0 XSS injection using monitored network traffic. ntopng is the next generation version of the original ntop, a network traffic probe and monitor that shows the network usage, similar to what the popular top Unix command does. The web-based frontend of the software is vulnerable to...
CVE-2014-5019
The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use...
Design/Logic Flaw
The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use...
CVE-2014-5019
Removed by vendor...
CVE-2014-5019
CVE-2014-5019 affects Drupal 6.x before 6.32 and 7.x before 7.29, where the multisite feature can be abused by a crafted HTTP Host header to cause a denial of service (DoS) by impacting configuration file selection. The connected advisories confirm the issue and indicate fixes were released as Dr...
Drupal 6.x < 6.32 / 7.x < 7.29 Multiple Vulnerabilities
The remote web server is running a version of Drupal that is 6.x prior to 6.32 or 7.x prior to 7.29. It is, therefore, potentially affected by the following vulnerabilities: - The HTTP Host header, which determines the configuration file used by Drupal core's multisite feature, does not properly...
SA-CORE-2014-003 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Denial of service with malicious HTTP Host header (Base system - Drupal 6 and 7 - Critical): Drupal core's multisite feature dynamically determines which configuration file to use based on the HTTP Host header. The HT...
CacheFlow CacheOS 4.1.10016 HTTP HOST Proxy Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/8584/info A malicious HTTP HOST header field can be used on CacheOS to tunnel arbitrary TCP connections through an HTTP request. It has been reported that CacheFlow CacheOS may allow the misuse of the HOST header value. This...
Novell eDirectory NDS Server Host Header Overflow
No description provided by source. $Id: edirectoryhost.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
CVE-2014-3941
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."...
Squid HTTP Host Header Port Handling Denial of Service (CVE-2013-4123)
A denial-of-service vulnerability exists in Squid proxy...
CVE-2013-4123
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in an HTTP Host header...
CVE-2013-4123
CVE-2013-4123 affects Squid: client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote denial of service via a crafted port number in an HTTP Host header. Connected advisories reference patches and updates across multiple distros (openSUSE, Fedora, Solaris patch upda...
Moderate: Red Hat Security Advisory: Django security update
Updated Django packages that fix multiple security issues are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
DSA-2634-1 python-django - several vulnerabilities
Bulletin has no description...
django -- multiple vulnerabilities
The Django Project reports: Host header poisoning Some parts of Django -- independent of end-user-written applications -- make use of full URLs, including domain name, which are generated from the HTTP Host header. Some attacks against this are beyond Django's ability to control, and require the...
Novell Remote Manager Off-by-One Denial of Service
An off-by-one denial of service vulnerability has been reported in Novell Remote Manager. The vulnerability is due to insufficient validation of the HTTP Host header values. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the vulnerable server...