IntelliTamper 2.07 HTTP Header Remote Code Execution Exploit

Exploit for unknown platform in category remote exploits ============================================================ IntelliTamper 2.07 HTTP Header Remote Code Execution Exploit ============================================================ / IntelliTamper 2.07 Location: HTTP Header Remote Code...

Apache Tomcat HttpServletResponse.sendError()跨站脚本漏洞

BUGTRAQ ID: 30496 CVECAN ID: CVE-2008-1232 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat不仅在错误页面中显示了HttpServletResponse.sendError调用的消息参数，同时也在HTTP响应的reason-phrase中使用，这就可能在HTTP头中包含非法字符。特制的消息可能导致跨站脚本攻击，向HTTP响应中注入任意内容。 Apache Group Tomcat 6.0.x Apache Group Tomcat 5.5.x Apache Group Tomcat 4.1.x...

Sql injection

SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...

CVE-2008-3153

SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...

CVE-2008-3153

SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...

OFFSystem HTTP头字段数据处理远程缓冲区溢出漏洞

BUGTRAQ ID: 29809 CNCAN ID：CNCAN-2008062310 OFFSystem是一款开源文件分享软件。 OFFSystem处理HTTP头字段数据存在缓冲区溢出，远程攻击者可以利用漏洞以应用程序权限执行任意代码。 发送特殊构建的包含畸形HTTP头字段的HTTP请求，可导致缓冲区溢出，可能以应用程序权限执行任意指令。 FFSystem OFFSystem 0.9.14 升级程序： OFFSystem OFFSystem 0.9.14 OFFSystem OFFSystem-0.19.14-src.tar.gz...

IBM Lotus Domino Web Server HTTP Header Buffer Overflow (CVE-2008-2240)

IBM Lotus Domino is a server product that provides enterprise-grade e-mail, collaboration capabilities, and custom application platform. A stack buffer overflow vulnerability was reported in the IBM Lotus Domino Web Server application. The vulnerability is due to an error in the IBM Lotus Domino...

Akamai Red Swoosh < 3333 referer Header Cross-Site Request Forgery

The remote host is running Akamai Red Swoosh client, which handles software distribution via the Swoosh network. The version of Red Swoosh installed on the remote host includes a web server that listens on the loopback interface for management commands but it fails to properly sanitize the HTTP...

SQL Injection leading to authorization bypass in Torrent Trader Classic v1.08 and earlier

SQL Injection leading to authorization bypass in Torrent Trader Classic v1.08 and earlier Discovered by: Charles Vaughn [email protected] Software: http://sourceforge.net/projects/torrenttrader Status: Vendor Notified, updated version available Vulnerability TorrentTrader is a popular torrent...

flash a tips-vulnerability warning-the black bar safety net

Author: darkne2s Source: energy Temple It seems like a large cattle these all have flash exp. But 1 0 personal 9 personal that bad. This surprised me. Press the truth to say that this is not the person's vulnerability should be very easy to use. And I also often irregularly collected all over the...

Stack overflow

Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via a long Accept-Language HTTP header...

CGI RESCUE WebFORM vulnerable to HTTP header injection

Overview WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers. Impact Falsified information may be displayed or an arbitrary scri...

CVE-2008-1385

Cross-site scripting XSS vulnerability in the Top Referrers aka referrer plugin in Serendipity S9Y before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...

CVE-2008-1385

Cross-site scripting XSS vulnerability in the Top Referrers aka referrer plugin in Serendipity S9Y before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...

Cross site scripting

Cross-site scripting XSS vulnerability in the Top Referrers aka referrer plugin in Serendipity S9Y before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...

CVE-2008-1385

Cross-site scripting XSS vulnerability in the Top Referrers aka referrer plugin in Serendipity S9Y before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...

Adobe Flash Player 9.0.124.0版本修改多个安全漏洞

BUGTRAQ ID: 27034,28695,26966,28697,26930,28696,28694 CVECAN ID: CVE-2007-5275,CVE-2007-6243,CVE-2007-6637,CVE-2007-6019,CVE-2007-0071,CVE-2008-1655,CVE-2008-1654 Flash Player是一款非常流行的FLASH播放器。 Flash Player 9.0.124.0版本修复了多个安全漏洞，成功利用这些漏洞允许恶意用户绕过安全限制、执行跨站脚本或入侵用户系统，具体包括： 1 处理Declare Function...

RHEL 4 / 5 : squid (RHSA-2008:0214)

The remote Redhat Enterprise Linux 4 / 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2008:0214 advisory. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. A flaw was found in the way squi...

Drake CMS 0.4.11 - Blind SQL Injection

gid 17. if '' === $gbname = in'gbname', SQL | NOHTML, $POST, '', 50 18. || '' === $gbemail = in'gbemail', SQL | NOHTML, $POST, '', 50 19. || !isemail$gbemail 20. 21. CMSResponse::BackFORMNC; 22. else 23. $gbname = $my-name; 24. $gbemail = $my-email; 25. 26. 27. $timeout = $params-get'timeout',5;...

Sql injection

The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magicquotesruntime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENTIP...