3700 matches found

NVD
added 2005/05/02 4:0 a.m. | 13 views

CVE-2005-0341

Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks...

4.3 CVSS | 5.2 AI score | 0.00409 EPSS
Exploits 1 | References 4

Debian CVE
added 2005/05/02 4:0 a.m. | 20 views

CVE-2005-1391

Buffer overflow in the addport function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header...

7.5 CVSS | 7.6 AI score | 0.07762 EPSS
Exploits 1

Cvelist
added 2005/02/20 5:0 a.m. | 18 views

CVE-2004-1578

Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header...

6 AI score | 0.00497 EPSS
Exploits 0 | References 4

CVE
added 2005/02/20 5:0 a.m. | 44 views

CVE-2004-1578

The CVE-2004-1578 entry concerns Invision Power Board 2.0.0 with a cross-site scripting (XSS) vulnerability in index.php that allows an attacker to inject arbitrary web script or HTML via the Referer header in HTTP requests. Documented impact from sources like NVD and CVE lists is that remote att...

4.3 CVSS | 6 AI score | 0.00497 EPSS
Exploits 0 | References 4 | Affected Software 1

Tenable Nessus
added 2005/02/11 12:0 a.m. | 31 views

Mandrake Linux Security Advisory : squid (MDKSA-2005:034)

More vulnerabilities were discovered in the squid server: The LDAP handling of search filters was inadequate, which could be abused to allow logins using several variants of a single login name, possibly bypassing explicit access controls (CVE-2005-0173). Minor problems in the HTTP header parsing...

7.5 CVSS | 6.2 AI score | 0.83332 EPSS
Exploits 0 | References 5

CVE
added 2005/02/10 5:0 a.m. | 94 views

CVE-2005-0341

CVE-2005-0341 affects Apple Safari 1.2.4. The vulnerability arises because Safari does not obey the Content-Type HTTP header, causing text to be rendered as HTML and enabling remote attackers to inject arbitrary script or HTML (XSS). No exploit specifics are provided in the connected documents. A...

4.3 CVSS | 5.5 AI score | 0.00409 EPSS
Exploits 1 | References 4 | Affected Software 1

Tenable Nessus
added 2005/02/10 12:0 a.m. | 33 views

SUSE-SA:2005:006: squid

The remote host is missing the patch for the advisory SUSE-SA:2005:006 squid. Squid is a feature-rich web-proxy with support for various web-related protocols. The last two squid updates from February the 1st and 10th fix several vulnerabilities. The impact of them range from remote...

7.5 CVSS | 6.6 AI score | 0.86221 EPSS
Exploits 2 | References 9

Gentoo Linux
added 2005/02/02 12:0 a.m. | 19 views

Squid: Multiple vulnerabilities

Background: Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description: Squid contains several...

7.5 CVSS | 6.9 AI score | 0.83332 EPSS
Exploits 0

Tenable Nessus
added 2005/01/21 12:0 a.m. | 12 views

Squid < 2.5.STABLE8 DoS

Binary data 2520.prm...

7.5 CVSS | 7.3 AI score | 0.86221 EPSS
Exploits 0 | References 10

NVD
added 2004/12/31 5:0 a.m. | 19 views

CVE-2004-2589

Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory...

5 CVSS | 6.6 AI score | 0.00787 EPSS
Exploits 0 | References 6

NVD
added 2004/12/31 5:0 a.m. | 11 views

CVE-2004-1578

Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header...

4.3 CVSS | 6 AI score | 0.00497 EPSS
Exploits 0 | References 4

NVD
added 2004/12/23 5:0 a.m. | 24 views

CVE-2004-0646

Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields...

10 CVSS | 7.8 AI score | 0.70947 EPSS
Exploits 4 | References 7

Tenable Nessus
added 2004/11/13 12:0 a.m. | 24 views

GLSA-200411-19 : Pavuk: Multiple buffer overflows

The remote host is affected by the vulnerability described in GLSA-200411-19 (Pavuk: Multiple buffer overflows). Pavuk contains several buffer overflow vulnerabilities in the code handling digest authentication and HTTP header processing. This issue is similar to GLSA 200407-19, but contains more...

7.6 CVSS | 6.7 AI score | 0.01293 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2004/11/08 12:0 a.m. | 29 views

GLSA-200411-14 : Kaffeine, gxine: Remotely exploitable buffer overflow

The remote host is affected by the vulnerability described in GLSA-200411-14 (Kaffeine, gxine: Remotely exploitable buffer overflow). KF of Secure Network Operations has discovered an overflow that occurs during the Content-Type header processing of Kaffeine. The vulnerable code in Kaffeine is reuse...

10 CVSS | 6.3 AI score | 0.0593 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2004/11/06 12:0 a.m. | 201 views

HTTP Header Value Remote Format String

The remote web server seems to be vulnerable to a remote format string attack based on the way it responds to a request containing a header whose value includes a format string. An anonymous attacker may be able to leverage this flaw to make the affected service crash or to execute arbitrary code...

6.1 AI score
Exploits 0

Tenable Nessus
added 2004/10/18 12:0 a.m. | 10 views

FreeBSD : icecast -- HTTP header overflow (69)

The following package needs to be updated: icecast2 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg741c39571d6911d9a8040050fc56d258.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

0.1 AI score
Exploits 0 | References 14

securityvulns
added 2004/10/15 12:0 a.m. | 77 views

ACROS Security: Unsanitized Session ID Cookie Allows Modifying Server Response

ACROS Security Problem Report 2004-10-14-3 (PUBLIC). ASPR 2004-10-14-3: Unsanitized Session ID Cookie Allows Modifying Serv...

0.8 AI score
Exploits 0

FreeBSD
added 2004/09/29 12:0 a.m. | 23 views

icecast -- HTTP header overflow

It is possible to execute remote code simply using HTTP request plus 31 headers followed by a shellcode that will be executed directly...

3.7 AI score
Exploits 0 | References 1

Tenable Nessus
added 2004/09/28 12:0 a.m. | 127 views

Icecast HTTP Header Processing Remote Overflow

The remote web server runs Icecast version 2.0.1 or older. Such versions are affected by an HTTP header buffer overflow vulnerability that may allow an attacker to execute arbitrary code on the remote host with the privileges of the Icecast server process. To exploit this flaw, an attacker needs ...

7.5 CVSS | 6.5 AI score | 0.81875 EPSS
Exploits 5 | References 4

Tenable Nessus
added 2004/09/02 12:0 a.m. | 36 views

DasBlog Activity / Event Viewer Multiple HTTP Header XSS

The remote host is running dasBlog, a .NET blog system. According to its version number, it is vulnerable to multiple cross-site scripting issues. It is reported that versions up to and including 1.6.0 are vulnerable. The application does not sanitize the Referer and User-Agent HTTP headers. An...

4.3 CVSS | 5.5 AI score | 0.00822 EPSS
Exploits 1 | References 2