5905 matches found
CVE-2007-0420
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold are affected by a vulnerability in which remote attackers can obtain sensitive information through malformed HTTP requests that reveal data from prior requests. The issue centers on information disclosure and is scored as medium (CVSS base 5.0, Network a...
Input validation
Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values...
CVE-2007-0120
Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values...
CVE-2007-0120
CVE-2007-0120 affects Acunetix Web Vulnerability Scanner (WVS) version 4.0 Build 20060717 and earlier. The vulnerability is a denial of service caused by remote attackers sending multiple HTTP requests with invalid Content-Length values, leading to an application crash. Public details in the conn...
[SA23537] SPINE Cross-Site Request Forgery Vulnerability
TITLE: SPINE Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA23537 VERIFY ADVISORY: http://secunia.com/advisories/23537/ CRITICAL: Less critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: SPINE 1.x http://secunia.com/product/13145/ DESCRIPTION:...
Trac: Cross-site request forgery
Background Trac is a wiki and issue tracking system for software development projects. Description Trac allows users to perform certain tasks via HTTP requests without performing correct validation on those requests. Impact An attacker could entice an authenticated user to browse to a specially...
CVE-2006-6303
The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467...
NaviCOPA Web Server fails to properly handle certain HTTP requests
Overview A vulnerability exists in the NaviCOPA Web Server. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code. Description NaviCOPA Web Server is an HTTP server that is available for multiple versions of Microsoft Windows including Windows 98, NT, 2000,...
GLSA-200611-04 : Bugzilla: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200611-04 Bugzilla: Multiple Vulnerabilities The vulnerabilities identified in Bugzilla are as follows: Frederic Buclin and Gervase Markham discovered that input passed to various fields throughout Bugzilla were not properly...
Debian DSA-901-1 : gnump3d - programming error
Several vulnerabilities have been discovered in gnump3d, a streaming server for MP3 and OGG files. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2005-3349 Ludwig Nussel discovered several temporary files that are created with predictable filenames in a...
Moodle < 1.6.2 Multiple Vulnerabilities
Binary data 3742.prm...
Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)"
Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0) Amit Klein, August 2006 The trick ========= In [1], I showed how to forge parts of HTTP requests containing CRs and LFs using Flash. In that write-up, the data was part of the HTTP body section. However, combining the Content-Length overriding...
CVE-2006-4134
Unspecified vulnerability related to a "design flaw" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. NOTE: This information is based upon a vague initial disclosure. Details...
CVE-2006-4134
SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, are affected. CVE-2006-4134 describes an unspecified design flaw that enables remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. Related entries (CVE-2006-6345 and CVE-2006-6346) describ...
Multiple SAP Internet Graphics Service security vulnerabilities
Buffer overflow and DoS conditions on HTTP requests parsing...
MyBulletinBoard (MyBB) < 1.1.3 Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl Tue Jun 13 12:37:12 CEST 2006 [email protected] Exploit HOWTO - read this before flood my Inbox you bitch! - First you need to create the special user to do this use: ./mybibi.pl --host=http://www.example.com --dir=/mybb -1 this step needs a graph...
D-Link Access-Point <= 2.10na (DWL Series) Config Disclosure Vuln
No description provided by source. ADVISORY/0206 - D-Link Wireless Access-Point DWL-2100ap INTRUDERS TIGER TEAM SECURITY - SECURITY ADVISORY http://www.intruders.com.br/ , http://www.intruders.org.br/ Making a HTTP request to the /cgi-bin/ directory, the Web server will return error 404 Page not...