Lucene search
439 matches found

securityvulns
added 2004/02/09 12:0 a.m., 33 views

formmail (PHP) Upload file using CSS

Information: Website: http://www.dtheatre.com/scripts/ Version: all Problem: Upload file PHP Code/Location: formmail.php: function checkreferer$referers if count$referers $found = false;...

0.3 AI score
Exploits: 0

exploitpack
added 2004/01/26 12:0 a.m., 13 views

Antologic Antolinux 1.0 - Administrative Interface NDCR Remote Command Execution

Antologic Antolinux 1.0 - Administrative Interface NDCR Remote Command Execution source: https://www.securityfocus.com/bid/9495/info It has been reported that Antologic Antolinux may be prone to a remote command execution vulnerability that may allow an attacker to execute arbitrary commands with...

0.2 AI score
Exploits: 0

NVD
added 2003/10/29 5:0 a.m., 16 views

CVE-2003-1186

Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allows remote attackers to execute arbitrary code via a long HTTP Referer header...

7.5 CVSS, 7.8 AI score, 0.05514 EPSS
Exploits: 1, References: 4

Exploit DB
added 2003/10/29 12:0 a.m., 22 views

TelCondex SimpleWebserver 2.12.30210 build 3285 - HTTP Referer Remote Buffer Overflow

source: https://www.securityfocus.com/bid/8925/info A vulnerability has been reported in SimpleWebServer that may allow a remote attacker to cause a denial of service condition or execute arbitrary code on a vulnerable host. The issue is reported to exist due to a lack of bounds checking by softwar...

7.4 AI score
Exploits: 0

exploitpack
added 2003/10/29 12:0 a.m., 14 views

TelCondex SimpleWebserver 2.12.30210 build 3285 - HTTP Referer Remote Buffer Overflow

TelCondex SimpleWebserver 2.12.30210 build 3285 - HTTP Referer Remote Buffer Overflow source: https://www.securityfocus.com/bid/8925/info A vulnerability has been reported in SimpleWebServer that may allow a remote attacker to cause a denial of service condition or execute arbitrary code on...

0.6 AI score
Exploits: 0

NVD
added 2003/08/27 4:0 a.m., 23 views

CVE-2003-0459

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites...

5 CVSS, 6.7 AI score, 0.01525 EPSS
Exploits: 0, References: 10

RedHat Linux
added 2003/08/11 7:50 a.m., 4 views

Moderate: Red Hat Security Advisory: : Updated KDE packages fix security issue

This erratum provides updated KDE packages that resolve a security issue in Konqueror. KDE is a graphical desktop environment for the X Window System. Konqueror is the file manager for the K Desktop Environment. George Staikos reported that Konqueror may inadvertently send authentication...

5 CVSS, 5.8 AI score, 0.01525 EPSS
Exploits: 0, References: 1

Cvelist
added 2003/08/01 4:0 a.m., 33 views

CVE-2003-0459

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites...

6.5 AI score, 0.01525 EPSS
Exploits: 0, References: 10

CVE
added 2003/08/01 4:0 a.m., 60 views

CVE-2003-0459

CVE-2003-0459 affects KDE Konqueror up to version 3.1.2, where credentials in URLs of the form user:password@host in the HTTP-Referer header are not removed. This may allow remote websites to steal user credentials for pages that link to them. The issue is a Kotlin? (not applicable) credential le...

5 CVSS, 6.5 AI score, 0.01525 EPSS
Exploits: 0, References: 10, Affected Software: 8

RedHat Linux
added 2003/07/30 8:48 p.m., 54 views

Moderate: Red Hat Security Advisory: kdelibs security update

This erratum provides updated KDE packages that resolve a security issue in Konqueror. KDE is a graphical desktop environment for the X Window System. Konqueror is the file manager for the K Desktop Environment. George Staikos reported that Konqueror may inadvertently send authentication...

5 CVSS, 5.8 AI score, 0.01525 EPSS
Exploits: 0, References: 3

securityvulns
added 2003/07/30 12:0 a.m., 45 views

KDE Security Advisory: Konqueror Referrer Authentication Leak

KDE Security Advisory: Konqueror Referer Leaking Website Authentication Credentials Original Release Date: 2003-07-29 URL: http://www.kde.org/info/security/advisory-20030729-1.txt 0. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-04...

5 CVSS, 0.6 AI score, 0.01525 EPSS
Exploits: 0

exploitpack
added 2003/06/13 12:0 a.m., 11 views

Sphera HostingDirector 1.02.03.0 - VDS Control Panel Account Configuration Modification

Sphera HostingDirector 1.02.03.0 - VDS Control Panel Account Configuration Modification source: https://www.securityfocus.com/bid/7896/info Sphera HostingDirector VDS Control Panel has been reported prone to a vulnerability where an attacker may make arbitrary account configuration modifications...

0.4 AI score
Exploits: 0

exploitpack
added 2003/04/16 12:0 a.m., 21 views

Apache Mod_Access_Referer 1.0.2 - Null Pointer Dereference Denial of Service

Apache Mod_Access_Referer 1.0.2 - Null Pointer Dereference Denial of Service source: https://www.securityfocus.com/bid/7375/info A vulnerability has been reported for the mod_access_referer Apache module. The problem occurs when parsing invalid HTTP referer header fields. If this vulnerability were t...

0.4 AI score
Exploits: 0

NVD
added 2002/12/31 5:0 a.m., 16 views

CVE-2002-2246

Cross-site scripting (XSS) vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header (HTTP_REFERER) to a non-existent page, which is injected into the resulting 404 error page...

4.3 CVSS, 5.7 AI score, 0.03631 EPSS
Exploits: 1, References: 4

securityvulns
added 2002/12/14 12:0 a.m., 40 views

VisNetic WebSite XSS vulnerability through HTTP referer header

Visnetic WebSite XSS vulnerability through HTTP Referer header. Author: Ory Segal - Sanctum inc. http://www.sanctuminc.com/ Release date: 09/12/2002. Vendor: Deerfield http://www.deerfield.com The...

6.2 AI score
Exploits: 0

exploitpack
added 2002/12/12 12:0 a.m., 11 views

Deerfield VisNetic WebSite 3.5.13.1 - Cross-Site Scripting

Deerfield VisNetic WebSite 3.5.13.1 - Cross-Site Scripting source: https://www.securityfocus.com/bid/6369/info A vulnerability has been discovered in VisNetic Website when generating a 404 page for a non-existent resource. The issue is due to insufficient sanitization of the HTTP 'referer' heade...

6.8 AI score
Exploits: 0

Exploit DB
added 2002/12/12 12:0 a.m., 26 views

Deerfield VisNetic WebSite 3.5.13.1 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/6369/info A vulnerability has been discovered in VisNetic Website when generating a 404 page for a non-existent resource. The issue is due to insufficient sanitization of the HTTP 'referer' header. It is possible to cause arbitrary code to be executed...

7.4 AI score
Exploits: 0

CERT
added 2002/09/20 12:0 a.m., 36 views

Slash-based bulletin boards contain a "quick login" feature that may disclose username and password

Overview Slash-based bulletin boards contain a vulnerability that may cause users to disclose their username and password to third-party sites. Description As described in the Slashcode FAQ, "Slash is a database-driven news and message board, using Perl, Apache and MySQL." Slash allows web site...

6.9 AI score
Exploits: 0, References: 1

Exploit DB
added 2000/08/29 12:0 a.m., 33 views

GWScripts News Publisher 1.0 - 'author.file' Write

source: https://www.securityfocus.com/bid/1621/info It is possible for a remote user to add an author to the author index author.file in GWScripts News Publisher, a web news publisher. This can be done by requesting the following raw HTTP request using any arbitrary username and password: POST...

7.4 AI score
Exploits: 0