Microsoft Windows MHTML URL Parsing Information Disclosure (MS08-048; CVE-2008-1448)

MHTML MIME Encapsulation of Aggregate HTML is an Internet standard that defines the MIME structure that is used to wrap HTML content. An information disclosure vulnerability has been reported in Outlook Express and Windows Mail due to a flaw in the MHTML protocol. The vulnerability is caused when...

CVE-2008-3161

Multiple cross-site scripting XSS vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 Accept, 2 Accept-Language, 3 UA-CPU, 4 Accept-Encoding, 5 User-Agent, or 6 Cookie HTTP header. NOTE: the provenance of...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 Accept, 2 Accept-Language, 3 UA-CPU, 4 Accept-Encoding, 5 User-Agent, or 6 Cookie HTTP header. NOTE: the provenance of...

CVE-2008-3161

Multiple cross-site scripting XSS vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 Accept, 2 Accept-Language, 3 UA-CPU, 4 Accept-Encoding, 5 User-Agent, or 6 Cookie HTTP header. NOTE: the provenance of...

Apache HTTPd Arbitrary Long HTTP Headers DoS

No description provided by source. /usr/bin/perl exploit for apache apgetmimeheaderscore vuln adv is here: http://www.guninski.com/httpd1.html version: apache 2 2.0.49 apache 1 not tested. by bkbll bkbllcnhonker.net http://www.cnhonker.com tail -f /var/log/messages...

CVE-2008-2851

Multiple buffer overflows in OFF System before 0.19.14 allow remote attackers to have an unknown impact via unspecified vectors related to "parsing of http headers."...

CVE-2008-2851

Multiple buffer overflows in OFF System before 0.19.14 allow remote attackers to have an unknown impact via unspecified vectors related to "parsing of http headers."...

Buffer overflow

Multiple buffer overflows in OFF System before 0.19.14 allow remote attackers to have an unknown impact via unspecified vectors related to "parsing of http headers."...

CVE-2008-2851

CVE-2008-2851 concerns multiple buffer overflows in OFF System prior to 0.19.14 triggered through parsing of HTTP headers. Affected software is OFF System (pre-0.19.14); vendor/product details are not expanded beyond this version range in the provided documents. Root cause described as buffer ove...

CVE-2008-2851

Multiple buffer overflows in OFF System before 0.19.14 allow remote attackers to have an unknown impact via unspecified vectors related to "parsing of http headers."...

AzureSites CMS Multiple Remote Vulnerabilities

No description provided by source. AzureSites CMS - Multiple Vulnerabilities Vulnerabilities discovered by: LidlosesAuge Greetz to: -=Player=- , Suicide, g4ms3, enco, GPM, Free-Hack, Ciphercrew, h4ck-y0u Date: 26.05.2008 Vulnerabilities: 1. SQL Injection 1.1...

Azuresites CMS - Multiple Vulnerabilities

Azuresites CMS - Multiple Vulnerabilities AzureSites CMS - Multiple Vulnerabilities Vulnerabilities discovered by: LidlosesAuge Greetz to: -=Player=- , Suicide, g4ms3, enco, GPM, Free-Hack, Ciphercrew, h4ck-y0u Date: 26.05.2008 Vulnerabilities: 1. SQL Injection 1.1...

azuresites-sql.txt

AzureSites CMS - Multiple Vulnerabilities Vulnerabilities discovered by: LidlosesAuge Greetz to: -=Player=- , Suicide, g4ms3, enco, GPM, Free-Hack, Ciphercrew, h4ck-y0u Date: 26.05.2008 Vulnerabilities: 1. SQL Injection 1.1...

Azuresites CMS - Multiple Vulnerabilities

AzureSites CMS - Multiple Vulnerabilities Vulnerabilities discovered by: LidlosesAuge Greetz to: -=Player=- , Suicide, g4ms3, enco, GPM, Free-Hack, Ciphercrew, h4ck-y0u Date: 26.05.2008 Vulnerabilities: 1. SQL Injection 1.1...

Crlf injection

CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

CVE-2008-2497

CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

CVE-2008-2497

CVE-2008-2497 affects Mambo prior to 4.6.4, with a CRLF injection vulnerability that lets remote attackers inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors. The connected documents confirm the affected software and the underlying CRLF issue, but do not pro...

Security Best Practice: Get Yourself Familiar with the Header Rejection Tool

Web servers and applications parse not only the URL, but also the rest of the HTTP header data. Wrong parsing can lead to buffer overrun attacks and other vulnerabilities. Some exploits use the HTTP headers to cause damage. The exploit can be carried in standard headers the Host header for exampl...

Novell eDirectory HTTP Headers Denial of Service (CVE-2008-0927)

Novell eDirectory is a Lightweight Directory Access Protocol LDAP directory-based identity management system that centralizes the management of user identities, access privileges and many other network resources. A denial of service vulnerability was identified in Novell eDirectory. The...

Novell eDirectory < 8.7.3 SP 10 / 8.8.2 HTTP headers DOS Vulnerability

No description provided by source. = Affected software : Editor : Novell Name : eDirectory Version : 8.7.3 SP 10 and 8.8.2 Services : TCP/8028 HTTP and TCP/8030 HTTPS = External references : http://www.novell.com/support/viewContent.do?externalId=3829452sliceId=1...