Remotely Anywhere 'Accept-Charset'字符NULL指针拒绝服务漏洞

BUGTRAQ ID: 28175 CNCAN ID:CNCAN-2008031103 Remotely Anywhere是一款远程管理软件。 Remotely Anywhere不正确处理特殊构建的HTTP请求，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 提交包含非法Accept-Charset参数的HTTP请求，可导致NULL指针引用而导致应用程序崩溃，造成拒绝服务攻击。 RemotelyAnywhere RemotelyAnywhere Workstation Edition 8.0.668 RemotelyAnywhere RemotelyAnywhere Server...

CVE-2004-0872

Opera does not prevent cookies that are sent over an insecure channel HTTP from also being sent over a secure channel HTTPS/SSL in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."...