7636 matches found
CVE-2007-5034
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...
CVE-2007-5034
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...
CVE-2007-5034
CVE-2007-5034 affects ELinks prior to 0.11.3. When sending a POST over HTTPS via a proxy, the body and headers of the POST are appended to the CONNECT request in cleartext, enabling potential disclosure of sensitive data. Impact: information disclosure via TLS-protected traffic when a HTTPS proxy...
CVE-2007-5034
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...
CVE-2007-5034
ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...
Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC
No description provided by source. !/usr/bin/perl -w Airsensor M520 HTTPD Remote Preauth Denial Of Service and Buffer Overflow PoC The vulnerability is caused due to an unspecified error in the cgis files filter used for configure propierties. This can be exploited by sending a specially crafted...
airsensor-dos.txt
!/usr/bin/perl -w Airsensor M520 HTTPD Remote Preauth Denial Of Service and Buffer Overflow PoC The vulnerability is caused due to an unspecified error in the cgis files filter used for configure propierties. This can be exploited by sending a specially crafted HTTPS request necessary...
Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC
Exploit for hardware platform in category dos / poc ================================================= Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC ================================================= !/usr/bin/perl -w Airsensor M520 HTTPD Remote Preauth Denial Of Service and Buffer Overflow PoC...
Airsensor M520 - HTTPd Remote Denial of Service / Buffer Overflow (PoC)
!/usr/bin/perl -w Airsensor M520 HTTPD Remote Preauth Denial Of Service and Buffer Overflow PoC The vulnerability is caused due to an unspecified error in the cgis files filter used for configure propierties. This can be exploited by sending a specially crafted HTTPS request necessary...
Airsensor M520 - HTTPd Remote Denial of Service Buffer Overflow (PoC)
Airsensor M520 - HTTPd Remote Denial of Service Buffer Overflow PoC !/usr/bin/perl -w Airsensor M520 HTTPD Remote Preauth Denial Of Service and Buffer Overflow PoC The vulnerability is caused due to an unspecified error in the cgis files filter used for configure propierties. This can be exploite...
Web sites may transmit authentication tokens unencrypted
Overview Web services that rely on cookies for authentication may be vulnerable to an authentication bypass vulnerability. Some web sites transmit authentication material often cookies without encrypting the entire session, even when the authentication material is initially set over an encrypted...
Option to disable "secure" cookie when using HTTPS just for login page
Confluence's "remember me" tickbox doesn't work if the login page is secure, but the rest of the application is unsecured. Seraph's CookieUtils.setCookie method create a secure cookie ref|http://www.apps.ietf.org/rfc/rfc2965.htmlpage-7 if the request had a secure URL, and this cookie isn't sent b...
Option to disable "secure" cookie when using HTTPS just for login page
Confluence's "remember me" tickbox doesn't work if the login page is secure, but the rest of the application is unsecured. Seraph's CookieUtils.setCookie method create a secure cookie ref|http://www.apps.ietf.org/rfc/rfc2965.htmlpage-7 if the request had a secure URL, and this cookie isn't sent b...
iDefense Security Advisory 07.17.07: IBM Tivoli Provisioning Manager for OS Deployment TFTP Blocksize DoS Vulnerability
IBM Tivoli Provisioning Manager for OS Deployment TFTP Blocksize DoS Vulnerability iDefense Security Advisory 07.17.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 17, 2007 I. BACKGROUND IBM Corp.'s Tivoli Provisioning Manager for OS Deployment is a network boot server that...
SAP Message Server heap buffer overflow
Overview The SAP Message Server contains a flaw that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description The SAP Message Server is used to exchange and regulate messages between servers in a SAP network. A heap-based buffer...
Internet Communication Manager Denial Of Service Attack
======= Summary ======= Name: Internet Communication Manager Denial Of Service Attack Release Date: 5 July 2007 Reference: NGS00484 Discover: Mark Litchfield [email protected] Vendor: SAP Vendor Reference: SECRES-287 Systems Affected: Confirmed on Windows unconfirmed on NIX Risk: High Status:...
[Full-disclosure] Windows Oday release
dear all SChannel Off-By-One Heap Corruption =================================== Discovery Date: 28th August 2006 Date reported to Microsoft: 19th March 2007 Summary: The Secure Channel SChannel library on WinXP-SP1/SP2 is vulnerable to a off-by-one heap buffer overwrite. The SChannel library...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets Advisory ID: cisco-sa-20070522-SSL http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml Revision 1.0 For Public Release 2007 May 22 1300 UTC GMT -...
SOL5534 - Apache mod_proxy message format vulnerability - CAN-2004-0700
Vulnerability description Format string vulnerability in the modproxy hook functions function in sslenginelog.c in modssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled...
garennes-rfi.txt
Garennes 0.6.1 = Remote File Include Vulnerablites D.Script: https://adullact.net/frs/download.php/672/garennes-easyphp-0.6.1.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc Exploit:Path/cpe/index.php?repertoireconfig=Shell Exploit:Path/direction/index.php?repertoireconfig=She...