3698 matches found

CVE
added 2006/08/26 10:0 a.m., 52 views

CVE-2006-3124

CVE-2006-3124 describes a buffer overflow in Streamripper’s HTTP header parsing (lib/http.c) that could be triggered by crafted HTTP headers, potentially leading to denial of service or arbitrary code execution. Connected OpenVAS entries and Debian/OSS advisories reference Streamripper and corrobo...

CVSS 7.5, AI score 7.6, EPSS 0.3946
Exploits: 0, References: 13, Affected Software: 1
UbuntuCve
added 2006/08/14 9:4 p.m., 18 views

CVE-2006-4111

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112...

CVSS 7.5, AI score 6, EPSS 0.03984
Exploits: 0, References: 1
CVE
added 2006/08/14 9:0 p.m., 104 views

CVE-2006-4111

CVE-2006-4111 affects the Ruby on Rails framework prior to version 1.1.5. The vulnerability arises from a File Upload request that supplies an HTTP header which modifies the LOAD_PATH variable, enabling a remote attacker to execute Ruby code with substantial impact. The issue is distinct from CVE...

CVSS 7.5, AI score 6.8, EPSS 0.03984
Exploits: 0, References: 9, Affected Software: 2
NVD
added 2006/08/09 10:4 p.m., 9 views

CVE-2006-4035

SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...

CVSS 7.5, AI score 8.4, EPSS 0.01042
Exploits: 1, References: 7
Cvelist
added 2006/08/09 10:0 p.m., 12 views

CVE-2006-4035

SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...

AI score 8.4, EPSS 0.01042
Exploits: 1, References: 7
OSV
added 2006/08/02 12:0 a.m., 28 views

DSA-1134-1 mozilla-thunderbird - several vulnerabilities

Bulletin has no description...

CVSS 9.3, AI score 6.9, EPSS 0.35105
Exploits: 0
Cvelist
added 2006/08/01 9:0 p.m., 16 views

CVE-2006-3950

SQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header...

AI score 8.4, EPSS 0.01042
Exploits: 1, References: 6
Tenable Nessus
added 2006/07/24 12:0 a.m., 29 views

Invision Power Board classes/class_session.php CLIENT_IP HTTP Header SQL Injection

According to its banner, the installation of Invision Power Board on the remote host reportedly fails to sanitize input to the 'CLIENT_IP' HTTP request header before using it in database queries. An unauthenticated attacker may be able to leverage this issue to disclose sensitive information, modi...

CVSS 7.5, AI score 5.5, EPSS 0.02365
Exploits: 1, References: 1
securityvulns
added 2006/07/24 12:0 a.m., 71 views

Invision Power Board 2.1 <= 2.1.6 sql injection

RST/GHC advisory41 Product: Invision Power Board Version: 2.1 <= 2.1.6 Vendor: INVISION Power Service URL: http://www.invisionpower.com VULNERABILITY CLASS: SQL injection Product Description Invision Power Board, an award-winning scaleable bulletin board system, written in PHP, uses SQL database...

AI score 0.7
Exploits: 0
OSV
added 2006/07/23 12:0 a.m., 58 views

DSA-1120 mozilla-firefox - several vulnerabilities

Bulletin has no description...

CVSS 9.3, AI score 6.8, EPSS 0.35105
Exploits: 0
Debian
added 2006/07/22 1:23 p.m., 31 views

[SECURITY] [DSA 1118-1] New Mozilla packages fix several vulnerabilities

Debian Security Advisory DSA 1118-1 [email protected] http://www.debian.org/security/ Martin Schulze July 22nd, 2006 http://www.debian.org/security/faq -...

CVSS 9.3, AI score 8.2, EPSS 0.35105
Exploits: 0
Cvelist
added 2006/07/21 6:0 p.m., 17 views

CVE-2006-3775

SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php...

AI score 8.2, EPSS 0.021
Exploits: 1, References: 7
0day.today
added 2006/07/15 12:0 a.m., 174 views

MyBulletinBoard (MyBB) <= 1.1.5 (CLIENT-IP) SQL Injection Exploit

Exploit for unknown platform in category web applications MyBulletinBoard MyBB <= 1.1.5 CLIENT-IP SQL Injection Exploit !/usr/bin/php -q -d shortopentag=on ? echo...

AI score 7.1
Exploits: 0
exploitpack
added 2006/07/15 12:0 a.m., 17 views

MyBulletinBoard (MyBB) 1.1.5 - CLIENT-IP SQL Injection

MyBulletinBoard MyBB 1.1.5 - CLIENT-IP SQL Injection !/usr/bin/php -q -d shortopentag=on ? echo "MyBulletinBoard MyBB = 1.1.5 'CLIENT-IP' SQL injection / create new admin exploit\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dork, version specific:...

AI score 0.3
Exploits: 0
securityvulns
added 2006/07/03 12:0 a.m., 48 views

Current Versions Release History

Current Versions Release History 5.1c2 30-Jun-06 Valid Core License Keys: issued between 01-Jun-2004 and 31-Oct-2004, or on or after 01-Jun-2005. Admin: Lawful Intercept for Signals is implemented. WSSP: now all string prefixes HTML, JAVASCRIPT, etc. support numeric data. XIMSS: the Signal...

AI score 7.9
Exploits: 0
Check Point Advisories
added 2006/05/21 12:0 a.m., 1 views

Preemptive Protection against Nagios "Content-Length" Header Buffer Overflow Vulnerability

Nagios is an open source host, service and network monitoring program. The product's functionality is implemented through a number of CGI programs. A vulnerability has been identified in Nagios, specifically due to buffer overflow errors in various CGI scripts that do not properly process a...

CVSS 5, AI score 2.1, EPSS 0.01322
Exploits: 0
UbuntuCve
added 2006/05/19 11:2 p.m., 28 views

CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

CVSS 7.5, AI score 6.4, EPSS 0.01915
Exploits: 0, References: 2
NVD
added 2006/05/19 11:2 p.m., 15 views

CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

CVSS 7.5, AI score 7.7, EPSS 0.01915
Exploits: 0, References: 10
Prion
added 2006/05/19 11:2 p.m., 18 views

Integer overflow

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

CVSS 7.5, AI score 8, EPSS 0.01915
Exploits: 0, References: 10, Affected Software: 1
Cvelist
added 2006/05/19 11:0 p.m., 21 views

CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162...

AI score 7.6, EPSS 0.01915
Exploits: 0, References: 10