Lucene search

3698 matches found

Prion
added 2009/09/23 12:8 p.m., 10 views

Sql injection

SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header...

CVSS 6.8 | AI score 9.1 | EPSS 0.0034
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2009/09/23 10:0 a.m., 14 views

CVE-2009-3321

SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header...

AI score 8.3 | EPSS 0.0034
Exploits 1 | References 5
Exploit DB
added 2009/09/23 12:0 a.m., 69 views

Nginx 0.7.61 - WebDAV Directory Traversal

Bug Title: nginx webdav copy/move method directory traversal Program: nginx Version: nginx/0.7.61 - other versions may also be affected Website: http://sysoev.ru/nginx/ Severity: Low Date discovered: 23 September 2009 The webdav component has to be enabled and the user has to have permission to u...

AI score 7
Exploits 0
0day.today
added 2009/09/23 12:0 a.m., 31 views

nginx 0.7.61 WebDAV directory traversal

Exploit for unknown platform in category remote exploits ======================================= nginx 0.7.61 WebDAV directory traversal ======================================= Title: nginx 0.7.61 WebDAV directory traversal CVE-ID: OSVDB-ID: Author: Kingcope Published: 2009-09-23 Verified: yes vi...

AI score 7.1
Exploits 0
OpenVAS
added 2009/09/16 12:0 a.m., 103 views

Apache HTTP Server 'mod_proxy_ftp' Module Command Injection Vulnerability

Apache HTTP Server is prone to a command injection vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5 | AI score 7.8 | EPSS 0.03845
Exploits 2 | References 4
Prion
added 2009/09/08 6:30 p.m., 18 views

Authorization

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...

CVSS 5 | AI score 7 | EPSS 0.03845
Exploits 2 | References 39 | Affected Software 7
Cvelist
added 2009/09/08 6:0 p.m., 27 views

CVE-2009-3095

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...

AI score 8.1 | EPSS 0.03845
Exploits 2 | References 39
Debian CVE
added 2009/09/08 6:0 p.m., 34 views

CVE-2009-3095

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...

CVSS 5 | AI score 5.4 | EPSS 0.03845
Exploits 2
UbuntuCve
added 2009/09/08 12:0 a.m., 36 views

CVE-2009-3095

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...

CVSS 5 | AI score 6.5 | EPSS 0.03845
Exploits 2 | References 2
Prion
added 2009/09/02 5:30 p.m., 13 views

Sql injection

SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO...

CVSS 7.5 | AI score 9.3 | EPSS 0.00938
Exploits 1 | References 7 | Affected Software 1
NVD
added 2009/09/02 5:30 p.m., 12 views

CVE-2008-7153

SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO...

CVSS 7.5 | AI score 8.5 | EPSS 0.00938
Exploits 1 | References 7
NVD
added 2009/08/19 10:30 a.m., 13 views

CVE-2008-7014

fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value...

CVSS 5 | AI score 6.6 | EPSS 0.04747
Exploits 1 | References 3
Prion
added 2009/08/19 10:30 a.m., 10 views

Authorization

fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value...

CVSS 5 | AI score 7.2 | EPSS 0.04747
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2009/08/19 10:0 a.m., 17 views

CVE-2008-7014

fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value...

AI score 6.6 | EPSS 0.04747
Exploits 1 | References 3
Packet Storm
added 2009/08/18 12:0 a.m., 36 views

ntop 3.3.10 Denial Of Service

Title: ntop = sizeoftheHttpUser usersizeoftheHttpUser-1 = '\0'; . . . Affected Operating Systems: Only tested on Linux Affected Versions: ntop = 3.3.10 CVE: CVE-2009-2732 Credit: Brad Antoniewicz [email protected] code: START modules/auxiliary/dos/http/ntopbasic.rb...

CVSS 5 | AI score 6.5 | EPSS 0.05589
Exploits 5
UbuntuCve
added 2009/08/18 12:0 a.m., 21 views

CVE-2009-2855

The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function...

CVSS 5 | AI score 5.9 | EPSS 0.60658
Exploits 1 | References 2
myhack58
added 2009/08/15 12:0 a.m., 22 views

Joomla! HTTP header cross-site scripting vulnerability-vulnerability warning-the black bar safety net

Joomla! is an open source content management system (CMS). Joomla! does not properly filter the HTTP_REFERER variable submitted by the user in the HTTP request; a remote attacker can submit a malicious request to inject JavaScript or DHTML code and execute it in the user's browser session. The following...

AI score 7.5
Exploits 0
OpenVAS
added 2009/08/07 12:0 a.m., 20 views

Mozilla Firefox Chrome Privilege Escalation Vulnerability (Aug 2009) - Linux

Mozilla Firefox is prone to Chrome Privilege Escalation vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 9.4 | EPSS 0.01362
Exploits 0 | References 3
OpenVAS
added 2009/08/07 12:0 a.m., 20 views

Mozilla Firefox Chrome Privilege Escalation Vulnerability Aug-09 (Linux)

This host is installed with Mozilla Firefox and is prone to Chrome Privilege Escalation vulnerability. OpenVAS Vulnerability Test $Id: gbfirefoxchromeprivescvulnaug09lin.nasl 4865 2016-12-28 16:16:43Z teissa $ Mozilla Firefox Chrome Privilege Escalation Vulnerability Aug-09 Linux Authors: Sharath...

CVSS 10 | AI score 0.7 | EPSS 0.01362
Exploits 0 | References 2
Prion
added 2009/08/04 4:30 p.m., 15 views

Open redirect

The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafte...

CVSS 10 | AI score 7.6 | EPSS 0.01362
Exploits 0 | References 8 | Affected Software 1