Open redirect
The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafte...
CVE-2009-2665
The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafte...
Joomla! HTTP header cross-site scripting vulnerability - vulnerability warning - the black bar safety net
From the Green Alliance: no commercial use; indicate in advance. Joomla! is an open source content management system (CMS). Joomla! does not properly filter the HTTP_REFERER variable submitted by the user in the HTTP request; a remote attacker can submit a malicious request to inject JavaScript ...
Novell eDirectory iMonitor buffer overflow
Off-by-one overflow on HTTP Accept-Language: header...
CVE-2009-1697
Removed by vendor...
LogMeIn 4.0.784 - cfgadvanced.html HTTP Header Injection
LogMeIn 4.0.784 - cfgadvanced.html HTTP Header Injection source: https://www.securityfocus.com/bid/35236/info LogMeIn is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP...
LogMeIn 4.0.784 - 'cfgadvanced.html' HTTP Header Injection
source: https://www.securityfocus.com/bid/35236/info LogMeIn is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be able to launch various attacks,...
Cross site scripting
Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...
Crlf injection
CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter...
FreeBSD : cups -- remote code execution and DNS rebinding (736e55bc-39bb-11de-a493-001b77d09812)
Gentoo security team summarizes: The following issues were reported in CUPS: - iDefense reported an integer overflow in the cupsImageReadTIFF function in the 'imagetops' filter, leading to a heap-based buffer overflow (CVE-2009-0163). - Aaron Siegel of Apple Product Security reported that the CUP...
cups -- remote code execution and DNS rebinding
Gentoo security team summarizes: The following issues were reported in CUPS: iDefense reported an integer overflow in the cupsImageReadTIFF function in the "imagetops" filter, leading to a heap-based buffer overflow (CVE-2009-0163). Aaron Siegel of Apple Product Security reported that the CUPS web...
JVN#28020230 Web Mailer from CGI RESCUE vulnerable to HTTP header injection
Web Mailer from CGI RESCUE is software that sends emails with contents entered into an HTML form. Web Mailer contains an HTTP header injection vulnerability. Impact: Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response...
GLSA-200904-20 : CUPS: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200904-20 (CUPS: Multiple vulnerabilities). The following issues were reported in CUPS: iDefense reported an integer overflow in the cupsImageReadTIFF function in the 'imagetops' filter, leading to a heap-based buffer overflow...
Mozilla Foundation Security Advisory 2009-16
Mozilla Foundation Security Advisory 2009-16 Title: jar: scheme ignores the content-disposition: header on the inner URI Impact: Moderate Announced: April 21, 2009 Reporter: Daniel Veditz Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Description Mozilla developer Daniel Veditz...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header...
Squid 2.7 / 3.0 Information Disclosure Vulnerability
According to its version number, the remote version of Squid is prone to an information disclosure vulnerability related to the interpretation of the Host HTTP header. Specifically, this issue occurs when the proxy makes a forwarding decision based on the Host HTTP header instead of the destinati...
X10media Mp3 Search Engine 1.6.2 - Admin Access
X10media Mp3 Search Engine 1.6.2 - Admin Access. THUNDER. Product: X10media Mp3 Search Engine v1.x Admin Access Vulnerability. Author: THUNDER. File: admin/admin.php. Vulnerable Code: /* User not an administrator, redirect to main page automatically. */ if(!$session->isAdmin()){ header("Location: ../main.php")...
Sql injection
SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header ($_SERVER['HTTP_USER_AGENT'])...
CVE-2009-1227
NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port 18624...