Lucene search

3699 matches found

seebug.org
added 2010/01/21 12:0 a.m. | 13 views

XOOPS arbitrary file deletion and HTTP header injection vulnerabilities

No description provided by source...

AI score 7.1
Exploits: 0

Check Point Advisories
added 2009/12/15 12:0 a.m. | 3 views

Red Hat Directory Server Accept-Language HTTP Header Parsing Buffer Overflow (CVE-2008-2928)

Red Hat Directory Server is an LDAP-based server that centralizes application settings, user profiles, group data, policies, and access control information into an operating system-independent, network-based registry. Fedora Directory Server is a free version of Red Hat Directory Server. There...

CVSS 10 | AI score 7.7 | EPSS 0.19099
Exploits: 1

Tenable Nessus
added 2009/12/14 12:0 a.m. | 19 views

FreeBSD : pligg -- XSS and Cross-Site Request Forgery (bec38383-e6cb-11de-bdd4-000c2930e89b)

Secunia reports: Russ McRee has discovered some vulnerabilities in Pligg, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. Input passed via the 'Referer' HTTP header to various scripts e.g. admin/adminconfig.php, admin/adminmodules.php,...

CVSS 6.8 | AI score 5.4 | EPSS 0.00322
Exploits: 0 | References: 5

Prion
added 2009/12/10 10:30 p.m. | 18 views

Stack overflow

Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action...

CVSS 10 | AI score 8.2 | EPSS 0.77533
Exploits: 8 | References: 7 | Affected Software: 1

NVD
added 2009/12/10 10:30 p.m. | 13 views

CVE-2009-4180

Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header...

CVSS 10 | AI score 7.9 | EPSS 0.31491
Exploits: 1 | References: 7

Cvelist
added 2009/12/10 10:0 p.m. | 22 views

CVE-2009-4180

Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header...

AI score 7.9 | EPSS 0.31491
Exploits: 1 | References: 7

Exploit DB
added 2009/12/07 12:0 a.m. | 42 views

Polipo 1.0.4 - Remote Memory Corruption (PoC)

!/usr/bin/perl estranged.pl AKA Polipo 1.0.4 Remote Memory Corruption 0day PoC Jeremy Brown [email protected]//jbrownsec.blogspot.com//krakowlabs.com 12.07.2009 Hzzp loves you Polipo! No use reporting this issue to Ubuntu Security unless you feel like waiting two weeks for them to sit on it,...

AI score 7.4
Exploits: 0

Prion
added 2009/12/04 7:30 p.m. | 16 views

Sql injection

Multiple SQL injection vulnerabilities in admin/aclass/adminfunc.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/...

CVSS 7.5 | AI score 9.2 | EPSS 0.00173
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2009/12/04 7:30 p.m. | 7 views

CVE-2009-4203

Multiple SQL injection vulnerabilities in admin/aclass/adminfunc.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/...

CVSS 7.5 | AI score 8.5 | EPSS 0.00173
Exploits: 1 | References: 5

NVD
added 2009/11/24 5:30 p.m. | 23 views

CVE-2009-3898

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method...

CVSS 4.9 | AI score 6.2 | EPSS 0.01078
Exploits: 1 | References: 9

OSV
added 2009/11/24 5:30 p.m. | 4 views

CVE-2009-3898

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method...

AI score 6.2
Exploits: 0 | References: 9

Ubuntu
added 2009/11/19 6:33 a.m. | 83 views

USN-860-1: Apache vulnerabilities

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a machine-in-the-middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. The flaw is with TLS renegotiation and...

CVSS 9.8 | AI score 7.5 | EPSS 0.03845
Exploits: 16

OSV
added 2009/10/23 6:30 p.m. | 8 views

CVE-2009-2281

Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow tha...

AI score 7.9
Exploits: 0 | References: 7

UbuntuCve
added 2009/10/23 6:30 p.m. | 11 views

CVE-2009-2281

Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow tha...

CVSS 10 | AI score 6.5 | EPSS 0.11504
Exploits: 1 | References: 1

Prion
added 2009/10/23 6:30 p.m. | 11 views

Integer overflow

Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow tha...

CVSS 10 | AI score 8.2 | EPSS 0.11504
Exploits: 2 | References: 7 | Affected Software: 1

Cvelist
added 2009/10/23 6:0 p.m. | 12 views

CVE-2009-2281

Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow tha...

AI score 7.7 | EPSS 0.11504
Exploits: 1 | References: 7

securityvulns
added 2009/10/11 12:0 a.m. | 41 views

iNTERNET.cms Cross-Site Scripting vulnerability

PT-2009-22 Positive Technologies Security Advisory: EXcms Root directory disclosure vulnerability. Affected Software: EXcms, versions prior to 2.02. Product...

AI score 0.3
Exploits: 0

securityvulns
added 2009/10/11 12:0 a.m. | 39 views

EXcms Root directory disclosure vulnerability

PT-2009-22 Positive Technologies Security Advisory: EXcms Root directory disclosure vulnerability. Affected Software: EXcms, versions prior to 2.02. Product...

AI score 0.1
Exploits: 0

Prion
added 2009/10/09 2:30 p.m. | 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HT...

CVSS 3.5 | AI score 5.6 | EPSS 0.00209
Exploits: 0 | References: 8 | Affected Software: 1

Tenable Nessus
added 2009/09/24 12:0 a.m. | 29 views

SuSE9 Security Update : Red Carpet (YOU Patch Number 11461)

This update fixes a bug in the HTTP header parsing code of the included libsoup. This bug makes rcd vulnerable to a remote denial-of-service attack. (CVE-2006-5876) (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc...

CVSS 7.8 | AI score 8.3 | EPSS 0.07492
Exploits: 0 | References: 2