3704 matches found
ACROS Security: Unsanitized Session ID Cookie Allows Modifying Server Response
=====BEGIN-ACROS-REPORT===== PUBLIC. ACROS Security Problem Report 2004-10-14-3. ASPR 2004-10-14-3: Unsanitized Session ID Cookie Allows Modifying Serv...
icecast -- HTTP header overflow
It is possible to execute remote code simply using HTTP request plus 31 headers followed by a shellcode that will be executed directly...
Icecast HTTP Header Processing Remote Overflow
The remote web server runs Icecast version 2.0.1 or older. Such versions are affected by an HTTP header buffer overflow vulnerability that may allow an attacker to execute arbitrary code on the remote host with the privileges of the Icecast server process. To exploit this flaw, an attacker needs ...
DasBlog Activity / Event Viewer Multiple HTTP Header XSS
The remote host is running dasBlog, a .NET blog system. According to its version number, it is vulnerable to multiple cross-site scripting issues. It is reported that versions up to and including 1.6.0 are vulnerable. The application does not sanitize the Referer and User-Agent HTTP headers. An...
Mozilla Browser Large HTTP Header Handling Overflow (deprecated)
LogMeIn 'cfgadvanced.html' HTTP Header Injection
ClamAV < 0.88.2 HTTP Header Remote Overflow (deprecated)
MailEnable 1.1x - Content-Length Denial of Service
MailEnable 1.1x - Content-Length Denial of Service source: https://www.securityfocus.com/bid/10838/info MailEnable is reported prone to a remote denial of service vulnerability. This vulnerability is reported to exist in the MailEnable HTTP header parsing code. When reading a large content-length...
CVE-2004-0740
The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow...
XITAMI invalid request endless loop
If HTTP header doesn't contain ':' server goes into endless loop...
FreeBSD : Pavuk HTTP Location header overflow (137)
The following package needs to be updated: pavuk %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg76904dceccf311d8babb000854d03344.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...
IceCast buffer overflow
Authorization: HTTP header buffer overflow...
Invision Power Board (IP.Board) < 1.3.1 - Design Error
IP.Board Design Error Vendor: Invision Power Services Product: IP.Board Version: = 1.3.1 Website: http://www.invisionpower.com/ BID: 10559 Description: Invision Power Board IPB is a professional forum system that has been built from the ground up with speed and security in mind, taking advantage ...
phpBB 2.0.8a and lower - IP spoofing vulnerability
Advisory Name : phpBB 2.0.8a and lower - IP spoofing vulnerability Release Date : Apr 18, 2004 Application : phpBB Version : phpBB 2.0.8a and previous versions Platform : PHP Vendor URL : http://www.phpbb.com/ Author : Wang / SRR Project Group of Ready Response [email protected] Overview A...
CVE-2004-1950
phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses...
MPlayer 0.9/1.0 - Remote HTTP Header Buffer Overflow
source: https://www.securityfocus.com/bid/10008/info It has been reported that MPlayer is prone to a remote HTTP header buffer overflow vulnerability. This issue is due to a failure of the application to properly verify buffer bounds on the 'Location' HTTP header during parsing. Successful...
MPlayer 0.91.0 - Remote HTTP Header Buffer Overflow
MPlayer 0.91.0 - Remote HTTP Header Buffer Overflow source: https://www.securityfocus.com/bid/10008/info It has been reported that MPlayer is prone to a remote HTTP header buffer overflow vulnerability. This issue is due to a failure of the application to properly verify buffer bounds on the...
GetWare Web Server Component - Content-Length Value Remote Denial of Service
source: https://www.securityfocus.com/bid/9451/info The GetWare Web Server component has been reported prone to a remote denial of service vulnerability. It has been reported that the issue will present itself when the affected web server receives malicious HTTP requests that contain negative...
GetWare Web Server Component - Content-Length Value Remote Denial of Service
GetWare Web Server Component - Content-Length Value Remote Denial of Service source: https://www.securityfocus.com/bid/9451/info The GetWare Web Server component has been reported prone to a remote denial of service vulnerability. It has been reported that the issue will present itself when the...
TelCondex SimpleWebserver Buffer Overflow
TelCondex SimpleWebserver Buffer Overflow. The TelCondex SimpleWebserver 2.12.30210 Build 3285 is vulnerable to a remote executable buffer overflow, due to missing length check on the referer-variable of the HTTP-header. It is possible to overwrite the...