3698 matches found
CVE-2008-0694
Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header...
Cross site scripting
Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format...
CVE-2008-0563
Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in...
CVE-2008-0563
Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in...
CVE-2008-0563
CVE-2008-0563 describes a cross-site request forgery in Liferay Portal 4.3.6, where the application uses the User-Agent header when composing Forgot Password HTML emails. This allows remote attackers to perform unspecified actions as unspecified authenticated users. The available documents consis...
CVE-2008-0548
Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails...
Design/Logic Flaw
Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails...
CVE-2008-0548
Steamcast 0.9.75 and earlier is affected by a denial of service via a crafted large Content-Length HTTP header that causes a NULL dereference when malloc fails. Affected component: the server handling HTTP requests; root cause is handling of oversized Content-Length values. Impact is denial of se...
CVE-2008-0548
Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails...
Liferay Portal Enterprise Admin User-Agent HTTP header XSS
Overview: Liferay Portal contains a cross-site scripting vulnerability in the handling of the User-Agent HTTP header, which can allow a remote, authenticated attacker to gain administrative access. Description: Liferay Portal is an enterprise portal solution that uses Java technologies. The...
Directory traversal
Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENTIP HTTP header in an enter action to index.php, and injecting PHP sequences into...
CVE-2008-0478
Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENTIP HTTP header in an enter action to index.php, and injecting PHP sequences into...
CVE-2008-0478
Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENTIP HTTP header in an enter action to index.php, and injecting PHP sequences into...
Code injection
stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php...
SetCMS 3.6.5 (setcms.org) Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl SetCMS v3.6.5 setcms.org remote commands execution exploit by RST/GHC o4.o9.2oo6 coded by 1dt.w0lf THIS IS UNPUBLISHED RST/GHC EXPLOIT CODE KEEP IT PRIVATE about the bug: file: functions.php FUNCTION ip global $userid; ifgetenv'HTTPCLIENTIP' $userip =...
squid security update
CentOS Errata and Security Advisory CESA-2007:1130-04 Updated squid packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Squid is a high-performance...
CVE-2007-6622
SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...
Sql injection
SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...
CentOS 3 / 4 / 5 : squid (CESA-2007:1130)
Updated squid packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Squid is a high-performance proxy caching server for Web clients, supporting FTP,...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header...