3698 matches found
CVE-2007-3623
Cross-site scripting XSS vulnerability in the Hitachi JP1/HiCommand Device Manager, Tiered Storage Manager, Replication Monitor, and GlobalLink Availability Manager before 20070528 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header...
CVE-2007-3623
Cross-site scripting XSS vulnerability in the Hitachi JP1/HiCommand Device Manager, Tiered Storage Manager, Replication Monitor, and GlobalLink Availability Manager before 20070528 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header...
Design/Logic Flaw
The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address...
CVE-2007-3571
The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address...
CVE-2007-3571
The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address...
Cross site scripting
Cross-site scripting XSS vulnerability in SAP Web Dynpro Java BC-WD-JAV in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web...
CVE-2007-3496
Cross-site scripting XSS vulnerability in SAP Web Dynpro Java BC-WD-JAV in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web...
CVE-2007-3255
Multiple cross-site request forgery CSRF vulnerabilities in Xythos Enterprise Document Manager XEDM before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via 1 a saved Workflow name or 2 the Content-Type HTTP header. NOTE: item 2 also...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Xythos Enterprise Document Manager XEDM before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via 1 a saved Workflow name; 2 a Workflow name, related to deletion of a Workflow template...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Xythos Enterprise Document Manager XEDM before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via 1 a saved Workflow name or 2 the Content-Type HTTP header. NOTE: item 2 also...
CVE-2007-3254
Multiple cross-site scripting XSS vulnerabilities in Xythos Enterprise Document Manager XEDM before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via 1 a saved Workflow name; 2 a Workflow name, related to deletion of a Workflow template...
CVE-2007-3255
CVE-2007-3255 affects Xythos Enterprise Document Manager (XEDM) and related products. Vulnerabilities allow remote authenticated users to perform actions as other users via CSRF: (1) a saved Workflow name and (2) Content-Type header manipulation. Affects XEDM <5.0.25.8 and 6.x
Apache Mod_Mem_Cache远程信息泄露漏洞
Apache是一款开放源代码的HTTP服务程序。 Apache包含的modmemcache模块存在信息泄露问题,远程攻击者可以利用漏洞获得对敏感数据的访问。 在使用modmemcache缓存部分小文件时,在部分条件下,会应答部分错误的HTTP头部数据,包括多个头字段,错误的ETag值,攻击者可以利用这些信息对系统进行进一步攻击。 Apache Software Foundation Apache 2.2.4 可参考如下安全公告: http://people.apache.org/covener/2.2.x-modmemcache-poolmgmt.diff...
[Full-disclosure] Safari XMLHttpRequest HTTP header injection
Westpoint Security Advisory --------------------------- Title: Safari XMLHttpRequest HTTP header injection Risk Rating: Low Platforms: MacOS and Windows Author: Richard Moore [email protected] Date: 25 June 2007 Advisory ID: wp-07-0002 URL: http://www.westpoint.ltd.uk/advisories/wp-07-0002.tx...
Design/Logic Flaw
http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service application crash via a negative value in the Content-Length HTTP header...
CVE-2007-3159
http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service application crash via a negative value in the Content-Length HTTP header...
CVE-2007-2556
SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For XFORWARDEDFOR HTTP header, as demonstrated by a request to the /nk/ URI...
Sql injection
SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For XFORWARDEDFOR HTTP header, as demonstrated by a request to the /nk/ URI...
Sql injection
Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a 1 nickname or 2 Id in a cookie, or 3 the X-Forwarded-For XFORWARDEDFOR HTTP header...
CVE-2007-2537
Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a 1 nickname or 2 Id in a cookie, or 3 the X-Forwarded-For XFORWARDEDFOR HTTP header...