54 matches found
CVE-2015-8562
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015...
CVE-2015-2926
Cross-site scripting XSS vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header to index.php...
CVE-2014-9453
Multiple cross-site scripting XSS vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 HTTP User-Agent or 2 HTTP Referer header...
CVE-2014-9453
Multiple cross-site scripting XSS vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 HTTP User-Agent or 2 HTTP Referer header...
Cross site scripting
Cross-site scripting XSS vulnerability in the Web UI in IBM WebSphere Service Registry and Repository WSRR 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header...
CVE-2014-6180
Cross-site scripting XSS vulnerability in the Web UI in IBM WebSphere Service Registry and Repository WSRR 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header...
CmsEasy最新版本前台SQL注射 (2)
简要描述: 这几天在尝试做一款PHP源码审计工具,匹配一些初步的规则时扫出来的,并非针对,感谢CmsEasy 详细说明: 还是INSERT注入,/index.php下有一个stats::getbot;这个方法在做什么呐? /lib/table/stats.php public static function getbot $ServerName = $SERVER"SERVERNAME"; $ServerPort = $SERVER"SERVERPORT"; $ScriptName = $SERVER"SCRIPTNAME"; $QueryString =...
CVE-2013-1104
The HTTP Profiling functionality on Cisco Wireless LAN Controller WLC devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636...
ZB Block Cross Site Scripting
-------------------------------------------------------------------------------------------------------------------- Vulnerable Software: // ZAPHOD BREEBLEBROX'S BLOCKER A.K.A. ZB BLOCK // VERSION 0.4.9 Final "Jaguar" 0.4.9Final Developed by HTTP://WWW.SPAMBOTSECURITY.COM...
http-joomla-brute NSE Script
Performs brute force password auditing against Joomla web CMS installations. This script initially reads the session cookie and parses the security token to perfom the brute force password auditing. It uses the unpwdb and brute libraries to perform password guessing. Any successful guesses are...
CVE-2006-4430
The Cisco Network Admission Control NAC 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access CCA Agent and bypass local and remote protection mechanisms by modifying 1 the HTTP User-Agent header or 2 the behavior of the TCP/IP stack. NOTE: the vendor has...
CVE-2005-4559
mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the defaultlayout and layoutsettings variables when an unrecognized HTTPUSERAGENT string is provided, which allows remote attackers to acce...
HTTP 'User-Agent' Request Header Detection
Binary data 1735.prm...
[Full-Disclosure] Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
-- Corsaire Security Advisory -- Title: Multiple vendor HTTP user agent cookie path traversal issue Date: 12.07.03 Application: Various Environment: Various Author: Martin O'Neal [email protected] Audience: Vendor notification Reference: c030712-001 -- Scope -- The aim of this document is...