484 matches found
Design/Logic Flaw
Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...
CVE-2009-0804
Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...
CVE-2009-0802
Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...
Design/Logic Flaw
Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a...
CVE-2009-0801
Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a...
CVE-2009-0803
SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and...
CVE-2009-0802
CVE-2009-0802 affects Qbik WinGate HTTP Proxy Server. In transparent interception mode, the proxy uses the HTTP Host header to determine the remote endpoint, enabling a crafted page to force a client to send requests with a modified Host header. This can allow remote attackers to bypass access co...
CVE-2009-0803
CVE-2009-0803 affects SmoothWall SmoothGuardian (used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008). In transparent interception mode, the product uses the HTTP Host header to determine the remote endpoint, allowing a crafted page to cause a client to send HTTP requests with a...
CVE-2009-0801
CVE-2009-0801 affects Squid when transparent interception is enabled. The vulnerability arises because the HTTP Host header is used to identify the remote endpoint, allowing an attacker to bypass access controls for Flash/Java/Silverlight and potentially reach restricted intranet sites via a craf...
CVE-2009-0804
CVE-2009-0804 - Ziproxy 2.6.0 vulnerability: In transparent interception mode, Ziproxy uses the HTTP Host header to determine the remote endpoint. This allows a crafted page to cause the client to send requests with a modified Host header, bypassing access controls for Flash, Java, Silverlight, ...
CVE-2008-6171
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header...
Design/Logic Flaw
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header...
CVE-2008-6171
CVE-2008-6171 affects Drupal 5.x before 5.12 and 6.x before 6.6. When a server is configured for IP-based virtual hosts, the application may include and execute arbitrary files via the HTTP Host header, enabling remote code execution. The underlying issue is an insecure file inclusion triggered b...
simplePMS CMS 0.1.3a LFI / Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl Script : simplePMS CMS v0.1.3a Download: http://garr.dl.sourceforge.net/sourceforge/simplepms/simplePMS-v0-1-3prealpha.tar.bz2 Remote Command Execution Exploit Also affected to multiple LFI vulnerabilities -- Needs Register Globals ON $filename no...