3627 matches found
liberoit-xss.txt
The Italian ISP Libero.it not check the HTTP POST Parameter "pQuery" on search query and displays the content of this variable without modification within the html form area. Security problems on Libero's 155.it allows attackers to conduct XSS attacks for the following URL:...
DEBIAN-CVE-2007-4174
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...
Authentication flaw
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...
CVE-2007-4174
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...
CVE-2007-4174
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...
CVE-2007-3567
MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests...
Cross site request forgery (csrf)
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 RC1 allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request...
Authentication flaw
MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests...
CVE-2007-3570
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 RC1 allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request...
CVE-2007-3567
MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests...
CVE-2007-3567
CVE-2007-3567 affects MySQLDumper 1.21b through 1.23 REV227. The vulnerability stems from a flawed “Limit GET” statement in the .htaccess authentication mechanism, allowing remote attackers to bypass authentication via HTTP POST requests. Impact is partial confidentiality and integrity and partia...
CVE-2007-3570
The CVE-2007-3570 issue affects the Linux Access Gateway component of Novell Access Manager prior to 3.0 SP1 Release Candidate 1. The vulnerability allows remote attackers to bypass unspecified security controls by sending Fullwidth/Halfwidth Unicode encoded data in an HTTP POST request. Document...
CVE-2007-3570
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 RC1 allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request...
Cross site request forgery (csrf)
The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic...
Tivoli Provisioning Manager for OS Deployment multiple security vulnerabilities
Multiple vulnerabilities on parsing HTTP POST requests...
IBM Tivoli Provisioning Manager for OS Deployment DoS
Invalid handling of HTTP POST multipart/form-data requests to 8080/tcp or 443/tcp ports...
CVE-2007-1868
The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service daemon crash via crafted POST requests to port...
bmforum漏洞exp
No description provided by source. ?php printr" +------------------------------------------------------------------+ Exploit For Blue Magic Forum All Version Fuck Register Global && Magic Quote BY 拖鞋王子 Mokfly 媒婆X Just For Fun : +------------------------------------------------------------------+...
CVE-2006-6773
pages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the isadmin HTTP POST parameter to 1...
CVE-2006-6773
pages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the isadmin HTTP POST parameter to 1...