140 matches found
Abyss Web Server 1.1.2 - Incomplete HTTP Request Denial of Service
source: https://www.securityfocus.com/bid/7287/info A denial of service vulnerability has been reported for Abyss Web Server. The vulnerability exists when Abyss attempts to parse certain incomplete HTTP headers. GET / HTTP/1.0 Connection: GET / HTTP/1.0 Range:...
CVE-2002-1556
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR)...
[SCSA-011] Path Disclosure Vulnerability in XOOPS
Security Corporation Security Advisory SCSA-011 PROGRAM: XOOPS HOMEPAGE: http://www.xoops.org/ VULNERABLE VERSIONS: v2.0 and prior ? DESCRIPTION XOOPS is "a dynamic OO (Object Oriented) based open source portal script written in PHP. XOOPS is the ideal tool for developing small to large dynamic...
CVE-2003-0017
Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as "", which causes a different filename to be processed and served...
iCal 3.7 - HTTP Request Denial of Service
source: https://www.securityfocus.com/bid/6505/info A denial of service vulnerability has been reported for iCal. The vulnerability occurs when iCal receives a specially formatted HTTP request. This will cause iCal to crash thereby leading to a denial of service. Restarting the service is necessa...
CVE-2002-1874
astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect...
Pserv 2.0 - HTTP Version Specifier Buffer Overflow
source: https://www.securityfocus.com/bid/6285/info A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. An attacker can exploit this vulnerability by issuing an HTTP request with an invalid...
Pserv 2.0 - HTTP Request Parsing Buffer Overflow
source: https://www.securityfocus.com/bid/6287/info A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. An attacker can exploit this vulnerability by issuing an HTTP request with an overly...
CGIScript.net csNews 1.0 - Double URL Encoding Unauthorized Administrative Access
source: https://www.securityfocus.com/bid/4993/info csNews is a script for managing news items on a website. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. Users with "public" access to the system may be able to view and modify some administration...
Super Guestbook 1.0 - Sensitive Information Disclosure
source: https://www.securityfocus.com/bid/7319/info Super Guestbook has been reported prone to a sensitive information disclosure weakness. An attacker may disclose sensitive information regarding the Super Guestbook install by sending an HTTP request for a Guest Book configuration file. Details...
Cacheflow CacheOS 3.14.0 Web Administration - Arbitrary Cached Page Code Leakage
source: https://www.securityfocus.com/bid/3841/info CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow. When a user connects to the system...
Caucho Technology Resin 1.2/1.3 - JavaBean Disclosure
source: https://www.securityfocus.com/bid/2533/info A specially constructed HTTP request could enable a remote attacker to gain read access to any known JavaBean file residing on a host running Resin. On Resin webservers, JavaBean files reside in a protected directory, '/WEB-INF/classes/'...
LocalWEB2000 1.1 - Directory Traversal
source: https://www.securityfocus.com/bid/2268/info LocalWEB2000 is subject to a directory traversal. Requesting a specially crafted HTTP request with a known filename will enable an attacker to gain read access to the requested file. http://target/../../../autoexec.bat...
Keware Technologies HomeSeer 1.4 - Directory Traversal
source: https://www.securityfocus.com/bid/2085/info Keware Technologies HomeSeer is a home automation application which enables users to control various housewares and appliances locally or remotely via a web interface. It is possible for a...
Cisco IOS software vulnerable to DoS via HTTP request containing "%%"
Overview There is a denial-of-service vulnerability in several Cisco switch and router products which allows an attacker to force affected devices to crash and reboot. Description A vulnerability exists in multiple versions of Cisco's Internetworking Operating System (IOS) software which allows an...
Cisco IOS software vulnerable to DoS via HTTP request containing "?/"
Overview A vulnerability exists in multiple versions of Cisco's Internetworking Operating System (IOS) software that allows an attacker to force affected switches and routers to crash and reboot. Description To exploit this vulnerability, the IOS HTTP interface must be enabled and the attacker must...
Netscape Directory Server 4.12 - Directory Server Directory Traversal
source: https://www.securityfocus.com/bid/1839/info Acquiring access to known files outside of the web root is possible through directory traversal techniques in Netscape Directory Server. This is made possible through the use ...
CVE-2000-0649
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined...
Michael Lamont Savant Web Server 2.1 - CGI Source Code Disclosure
source: https://www.securityfocus.com/bid/1313/info Omitting the HTTP version from a "GET" request for a CGI script to the Savant Web Server discloses the source code of the script. telnet target 80 GET /cgi-bin/script.xyz HTTP/1.0...
CVE-1999-1030
counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via an HTTP request that ends in %0A (newline), which causes a malformed entry in the counter log that produces an access violation...