80 matches found
[SECURITY] Fedora 20 Update: python-oauth2-1.5.211-8.fc20
Oauth2 was originally forked from Leah Culver and Andy Smith's oauth.py code. Some of the tests come from a fork by Vic Fryzel, while a revamped Request class and more tests were merged in from Mark Paschal's fork. A number of notable differences exist between this code and its forefathers: - 100...
Pingtel Xpressa 1.2.x/2.0/2.1 Handset Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11161/info Pingtel Xpressa handsets are reported prone to a remote denial of service vulnerability. The issue is reported to exist because of a lack of sufficient boundary checks performed on HTTP request data handled by...
Moderate: Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.0.0 security update
Red Hat JBoss Data Virtualization 6.0.0 roll up patch 1, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base...
CVE-2014-0414
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via vectors related to HTTP Request Handling...
CVE-2014-0426
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0413...
CVE-2014-0413
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0426...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0426...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via vectors related to HTTP Request Handling...
CVE-2014-0414
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via vectors related to HTTP Request Handling...
CVE-2014-0413
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0426...
CVE-2014-0413
CVE-2014-0413 affects Oracle Fusion Middleware 10.1.3.5’s Oracle Containers for J2EE component. The vulnerability arises in HTTP request handling, enabling remote attackers to impact integrity. This entry is a separate issue from CVE-2014-0426. Connected sources confirm affected product/component...
CVE-2014-0414
CVE-2014-0414 affects Oracle Containers for J2EE (Oracle Fusion Middleware 10.1.3.5). The connected sources describe a null byte injection vulnerability in the path handling when transferring a request to another static page or JSP via pageContext.forward or jsp:forward, which can lead to script ...
Squid "idnsALookup()" DNS名称处理缓冲区溢出漏洞
Squid是一个高效的Web缓存及代理程序。 Squid 3.2 - 3.2.11、3.3 - 3.3.6在处理DNS查询生成请求时,"idnsALookup" 函数发生错误,攻击者通过发送特制的HTTP请求利用此漏洞可造成缓冲区溢出。 0 Squid 3.x 厂商补丁: Squid ----- Squid已经为此发布了一个安全公告(SQUID-20132)以及相应补丁: SQUID-20132:Buffer overflow in HTTP request handling 链接:http://www.squid-cache.org/Advisories/SQUID-20132.txt...
CVE-2012-2660
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
RHEL 4 : seamonkey (RHSA-2011:0313)
Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...
Firefly Media Server ws_getpostvars Function Content-Length Header HTTP Request Handling Overflow
The remote host is running Firefly Media Server, also known as mt-daapd, a media streaming server. The version of Firefly Media Server installed on the remote host apparently fails to sanitize user-supplied Content-Length field before using it to the call to 'malloclen+1' in 'src/webserver.c'...
MS06-071 Microsoft Internet Explorer XML Core Services HTTP Request Handling
This module exploits a code execution vulnerability in Microsoft XML Core Services which exists in the XMLHTTP ActiveX control. This module is the modified version of http://www.milw0rm.com/exploits/2743 - credit to str0ke. This module has been successfully tested on Windows 2000 SP4, Windows XP...
CVE-2003-1415
NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitive information via an HTTP request with an invalid chunked transfer encoding specification...
Global Spy Software Cyber Web Filter 2 - IP Filter Bypass
Global Spy Software Cyber Web Filter 2 - IP Filter Bypass source: https://www.securityfocus.com/bid/11562/info Global Spy Software Cyber Web Filter is affected by an IP filter bypass vulnerability. This issue is due to a failure of the application to properly handle exceptional HTTP requests. An...
Novell NetWare 5.16.0 - POST Arbitrary Perl Code Execution
Novell NetWare 5.16.0 - POST Arbitrary Perl Code Execution source: https://www.securityfocus.com/bid/5520/info A vulnerability has been reported in some versions of Novell NetWare. This issue lies in the handling of some HTTP requests when Perl is used as a handler by a web server. Reportedly, it...