Design/Logic Flaw
Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066...
CVE-2010-2504
CVE-2010-2504 affects Splunk 4.0–4.0.10 and 4.1–4.1.1. The issue is HTTP header injection that allows remote authenticated users to obtain sensitive information (SPL-31066). Root cause details beyond “HTTP header injection” are not provided in the connected documents. Impact is noted as exposure ...
CVE-2010-2504
Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066...
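Weborf Server HTTP Header Remote Denial of Service Vulnerability
BUGTRAQ ID: 41064 Weborf is a lightweight web server written in C. The Weborf server does not correctly handle unicode characters in the Connection: field of the HTTP request header; a remote attacker can cause the server to terminate by sending a malicious HTTP request. Galileo Students Team Weborf 0.12.1 Vendor patch: Galileo Students Team --------------------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page: http://freshmeat.net/projects/weborf/releases/318531...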
Apache Axis 1.5 Session Fixation
===== Tempest Security Intelligence - Advisory 02 / 2010 =========== Vulnerability = 'Apache Axis Session Fixation Vulnerability' Authors = 'Tiago Ferreira ' 'Leandro Oliveira ' ======== Table of Contents =========================================== 1. Overview 2. Detailed description 3. Other...
CVE-2010-2435
Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers...
devhelp, esc, firefox, gnome, totem, xulrunner, yelp security update
CentOS Errata and Security Advisory CESA-2010:0501 Updated firefox packages that address several security issues, fix bugs, add numerous enhancements, and upgrade Firefox to version 3.6.4, are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update a...
SeaMonkey < 2.0.5 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 2.0.5. Such versions are potentially affected by the following security issues : - A memory corruption vulnerability can lead to arbitrary code execution if garbage collection is carefully timed after DOM nodes are moved between documents. MFSA...
Firefox 3.6.x < 3.6.4 Multiple Vulnerabilities
Firefox < 3.5.10 Multiple Vulnerabilities
The installed version of Firefox is earlier than 3.5.10. Such versions are potentially affected by the following security issues : - A memory corruption vulnerability can lead to arbitrary code execution if garbage collection is carefully timed after DOM nodes are moved between documents. MFSA...
Mozilla Firefox < 3.5.10 Multiple Vulnerabilities
Mozilla Firefox 3.6.x < 3.6.4 Multiple Vulnerabilities
Critical: Red Hat Security Advisory: seamonkey security update
Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
MemHT Portal <= 4.1 Upload ByPass Vulnerabilities
Exploit for php platform in category web applications ================================================= MemHT Portal = 4.1 Upload ByPass Vulnerabilities =================================================...
CVE-2010-1937
Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB before 1.3.8 might allow remote attackers to execute arbitrary code via a Content-Length HTTP header that specifies a value too small for the amount of POST data, aka bug 3001896...
Heap overflow
Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB before 1.3.8 might allow remote attackers to execute arbitrary code via a Content-Length HTTP header that specifies a value too small for the amount of POST data, aka bug 3001896...
Integer overflow
Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 through 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the...
SQL injection vulnerability in MODx CMS and Application Framework
Vulnerability ID: HTB22412 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinmodxcmsandapplicationframework.html Product: MODx CMS and Application Framework Vendor: MODx Vulnerable Version: 1.0.3 and Probably Prior Versions Vendor Notification: 28 May 2010 Vulnerability Type:...