56 matches found
(0Day) Wavelink Emulation ConnectPro TermProxy WLTermProxyService.exe HTTP Request Headers Remote Code Execution Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wavelink Emulation ConnectPro TermProxy. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of HTTP requests in WLTermProxyService.exe listening by...
MGASA-2014-0148 Updated tomcat package fixes security vulnerabilities
Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple...
CVE-2013-4286
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct...
Design/Logic Flaw
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP...
Critical: Red Hat Security Advisory: flash-plugin security update
An updated Adobe Flash Player package that fixes a security issue is now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The flash-plugin package contains a...
Multiple browsers digest authentication request splitting
It's possible to inject new line characters to HTTP request headers through username...
Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security
source: https://www.securityfocus.com/bid/19661/info Apache HTTP server is prone to a security weakness related to HTTP request headers. An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks. var req:LoadVars=new LoadVars;...
Write-up by Amit Klein: "Forging HTTP request headers with Flash"
Forging HTTP request headers with Flash Amit Klein, July 2006 Flash - Introduction ==================== Flash player is a very popular browser add-on from Adobe (actually, Flash was invented by Macromedia, which was acquired by Adobe). This write-up covers mostly Flash 7 and Flash 8, together...
FreeBSD : kaffeine -- buffer overflow vulnerability (4bfcd857-c628-11da-b2fb-000e0c2e438a)
The KDE team reports: Kaffeine can produce a buffer overflow in httppeek while creating HTTP request headers for fetching remote playlists, which under certain circumstances could be used to crash the application and/or execute arbitrary code.
CVE-2006-0051
Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the httppeek function...
CVE-2006-0051
CVE-2006-0051 affects kaffeine (KDE media player) versions 0.4.2 through 0.7.1. A buffer overflow in playlistimport.cpp/https flow when fetching remote playlists can be triggered by long HTTP request headers, overflowing http_peek and permitting arbitrary code execution by an attacker who tricks ...
CVE-2004-1561
Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers...
Multiple devices process HTTP requests inconsistently
Overview Multiple interconnected devices process valid HTTP request headers inconsistently, and in this manner may allow a remote attacker to poison a cache, conduct cross-site scripting attacks, and hijack user sessions. Attackers may use these flaws to launch a class of attacks referred to a...
CVE-2000-0299
Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept...