openSUSE Security Update : perl-CGI-Simple (openSUSE-SU-2011:0020-1)

A HTTP header injection attack was fixed in perl-CGI-Simple. CVE-2010-2761 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update perl-CGI-Simple-3785. The text...

CVE-2013-3081

SQL injection vulnerability in the checkEmailFormat function in plugins/jojocore/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/...

Sql injection

SQL injection vulnerability in the checkEmailFormat function in plugins/jojocore/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/...

PHPBTTracker+ 2.2 SQL Injection

Exploit Title: PHPBTTracker+ 2.2 SQL Injection Date: May 13th, 2014 Exploit Author: BackBox Team Vendor Homepage: http://phpbttrkplus.sourceforge.net/ Software Link: http://sourceforge.net/projects/phpbttrkplus/files/ Version: PHPBTTracker+ 2.2 Tested on: PHP 5.4.27, Apache 2.4.9, MySQL = 5.0.0...

CVE-2012-5877

Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service NULL pointer dereference and crash via an HTTP header without a name...

CVE-2012-5877

Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service NULL pointer dereference and crash via an HTTP header without a name...

CVE-2012-5877

CVE-2012-5877 concerns Nero MediaHome Server (Product: Nero MediaHome, vulnerable through NMMediaServer.dll) with versions up to 4.5.8.0. The available documents describe a denial-of-service via malformed HTTP handling, notably a NULL pointer dereference triggered by ill-formed HTTP headers (e.g....

phpnuke 8.3 Sql Injection Vulnerability

Exploit for php platform in category web applications author : ali ahmady -- Iranian security researcher email : snip3rirathotmail.com greets : b0x , PhantomX , VIRkid , email protected , zeus REKCAH , milad22 google dork : inurl: modules.php?name=SubmitNews at post review level you can inject...

tomcat -- multiple vulnerabilities

Tomcat Security Team reports: Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...

Secret: Content Sniffing not disabled

URL :- https://www.secret.ly/ Issue description :- There was no "X-Content-Type-Options" HTTP header with the value nosniff set in the response. The lack of this header causes that certain browsers, try to determine the content type and encoding of the response even when these properties are...

ReddAPI: Content Sniffing not disabled

URL :- https://api.reddapi.com/ Issue description :- There was no "X-Content-Type-Options" HTTP header with the value nosniff set in the response. The lack of this header causes that certain browsers, try to determine the content type and encoding of the response even when these properties are...

Medium: mod24_security

Issue Overview: apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. Affected Packages: mod24security Issue Correction: Run yum update mod24security or yum...

APPLE-SA-2014-04-22-3 Apple TV 6.1.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-3 Apple TV 6.1.1 Apple TV 6.1.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker in a privileged network position can obtain web site credentials Descriptio...

CVE-2011-5279

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services IIS 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n newline character in an HTTP header...

Crlf injection

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services IIS 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n newline character in an HTTP header...

CVE-2011-5279

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services IIS 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n newline character in an HTTP header...

CVE-2014-1296

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP...

CVE-2014-1296

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP...

CVE-2014-1296

CFNetwork in iOS before 7.1.1, OS X up to 10.9.2, and Apple TV before 6.1.1 mishandles incomplete Set-Cookie headers, allowing a remote attacker to bypass access restrictions by closing the TCP connection during header transmission (HTTPOnly). Public fix/version not specified in the provided docu...

OkCupid: Reflected XSS on www.okcupid.com/signup

Reflected XSS on www.okcupid.com/signup Im using Live HTTP Header for this bug. 1 Go to https://www.okcupid.com/signup 2 Click on continue 3 Enter details 4 Live HTTP Headers or any HTTP Editor should be running before clicking "Next" button. 5 Edit the following POST Headers : Host:...