3708 matches found
CVE-2010-4714
Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) th...
Weborf 'get_param_value()' Function HTTP Header Handling Denial Of Service Vulnerability
Weborf is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users. Versions prior to Weborf 0.12.5 are vulnerable. OpenVAS Vulnerability Test $Id: gbweborf46054.nasl 7015 2017-08-28 11:51:24Z teissa...
Cross site scripting
Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP_X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but n...
CVE-2011-0508
Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP_X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but n...
Mongoose Web Server 'Content-Length' HTTP Header Remote DoS Vulnerability
Mongoose Web Server is prone to a remote denial of service (DoS) vulnerability because it fails to handle specially crafted input. Copyright (C) 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
Novell iPrint Client < 5.56 Multiple Vulnerabilities
The version of Novell iPrint Client installed on the remote host is earlier than 5.56. Such versions are reportedly affected by one or more of the following vulnerabilities that can allow for arbitrary code execution : - The iPrint ActiveX control fails to sanitize input to the 'GetDriverSettings...
Mongoose 2.11 - Content-Length HTTP Header Remote Denial of Service
Mongoose 2.11 - Content-Length HTTP Header Remote Denial of Service source: https://www.securityfocus.com/bid/45602/info Mongoose is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted input. Successfully exploiting this issue will allow an attacker to...
Mongoose 2.11 - 'Content-Length' HTTP Header Remote Denial of Service
source: https://www.securityfocus.com/bid/45602/info Mongoose is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted input. Successfully exploiting this issue will allow an attacker to crash the affected application, denying further service to legitimate...
IPfucK -- A Proxy tool for Firefox -- New Version
Having your IP address considered as private from a legal point of view, it is always interesting to increase your on-line privacy. Not only to hide your illegal activity indeed for most politicians and anti-fraud organizations, behind each surfers lives, but to just keep your personal informatio...
GroupWise Internet Agent < 8.0.2 HP1 Multiple Flaws
The version of GroupWise Internet Agent installed on the remote host is older than 8.0.2.11941 and hence affected by the following issues : - Multiple 'Content-Type' header parsing issues can result in arbitrary code execution on the remote system. ZDI-10-237 / ZDI-10-238 / ZDI-10-241 - Multiple...
Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Juniper SA Series devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the meeting_testjava.cgi page which is used to test JVM compatibility. When...
Paypal.com Cross Site Scripting
https://www.paypal.com | HTTP Header Injection | Cross Site Scripting XSS | CAPEC-34 | CWE-79 Hoyt LLC - October 28, 2010 http://cloudscan.blogspot.com | http://cloudscan.me https://www.paypal.com | HTTP Header Injection | Cross Site Scripting XSS Tested on IE8, Chrome, Firefox. The affected URL'...
JVN#72541530: Active! mail 6 vulnerable to HTTP header injection
Active! mail 6 from TransWARE Co. is a web-based email software. Active! mail 6 contains an HTTP header injection vulnerability. Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response splitting attacks are also possible. Soluti...
CVE-2010-3842
Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header...
Path traversal
Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header...
CVE-2010-3842
CVE-2010-3842 affects the curl command-line tool, specifically versions 7.20.0 through 7.21.1. The root cause is improper handling of backslashes as directory separators in the Content-Disposition header when using --remote-header-name (-J). This allows a remote server to cause the client to writ...
CVE-2010-3842
Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header...
Oracle Sun Java System Web Server - HTTP Response Splitting
Oracle Sun Java System Web Server - HTTP Response Splitting Description Security-Assessment.com discovered that it is possible to successfully perform an HTTP Response Splitting attack against applications served by Sun Java System Web Server. The vulnerability can be exploited if user supplied inpu...
ECShop advertisement call page: message header write exposes the path - vulnerability warning - the black bar safety net
/affiche.php: in a PHP 5 environment an error exposes the program path, while a PHP 4 environment displays the written information. The charset parameter is not strictly filtered, resulting in a truncated HTTP message header being written...
[DCA-00015] YOPS Web Server Remote Command Execution
DCA-00015 Software - YOPS (Your Open Personal WEB Server) Vendor Product Description - YOPS (Your Own Personal WEB Server) is a small SEDA-like HTTP server for Linux OS written in C. There are 7 stages (accept, parse, launch, fetch, error, send and log), and pipes are used as interstage channels. Bug...