Lucene search
K

6240 matches found

RedHat Linux
RedHat Linux
added 2007/10/08 7:48 a.m.5 views

URL spoof in address bar

KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property...

4.3CVSS5.9AI score0.01831EPSS
Exploits0References4
NVD
NVD
added 2007/10/04 5:17 p.m.15 views

CVE-2007-5198

Buffer overflow in the redir function in checkhttp.c in Nagios Plugins before 1.4.10, when running with the -f follow option, allows remote web servers to execute arbitrary code via Location header responses redirects with a large number of leading "L" characters...

6.8CVSS7.6AI score0.08017EPSS
Exploits1References20
Prion
Prion
added 2007/10/04 5:17 p.m.12 views

Buffer overflow

Buffer overflow in the redir function in checkhttp.c in Nagios Plugins before 1.4.10, when running with the -f follow option, allows remote web servers to execute arbitrary code via Location header responses redirects with a large number of leading "L" characters...

6.8CVSS7.8AI score0.08017EPSS
Exploits1References20Affected Software1
UbuntuCve
UbuntuCve
added 2007/10/04 5:17 p.m.21 views

CVE-2007-5198

Buffer overflow in the redir function in checkhttp.c in Nagios Plugins before 1.4.10, when running with the -f follow option, allows remote web servers to execute arbitrary code via Location header responses redirects with a large number of leading "L" characters...

6.8CVSS6.4AI score0.08017EPSS
Exploits1References2
Prion
Prion
added 2007/10/01 8:17 p.m.16 views

Memory corruption

libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service crash via a nudge message that triggers an access of "an invalid memory location."...

4.3CVSS6.5AI score0.01761EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2007/10/01 8:0 p.m.36 views

CVE-2007-4996

libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service crash via a nudge message that triggers an access of "an invalid memory location."...

6.2AI score0.01761EPSS
Exploits0References9
Exploit DB
Exploit DB
added 2007/09/29 12:0 a.m.23 views

Tor < 0.1.2.16 - ControlPort Remote Rewrite

t.bat which will run calc.exe on next boot. This is not very silent though, t.bat will contain something like 45 rows of crap which the user will see in about 1 sec, drop me a mail if you have a better way. Either have a TOR user visit this HTML or inject it into her traffic when you're a TOR exi...

7.4AI score
Exploits0
FreeBSD
FreeBSD
added 2007/09/28 12:0 a.m.41 views

nagios-plugins -- Long Location Header Buffer Overflow Vulnerability

A Secunia Advisory reports: The vulnerability is caused due to a boundary error within the redir function in checkhttp.c when processing HTTP Location: header information. This can be exploited to cause a buffer overflow by returning an overly long string in the "Location:" header to a vulnerable...

6.8CVSS6.4AI score0.08017EPSS
Exploits1References2
CVE
CVE
added 2007/09/11 6:0 p.m.71 views

CVE-2007-4812

CVE-2007-4812 affects Apple Safari 3.0.3 (522.15.5) and earlier builds up to Beta Update 3.0.4. The vulnerability is a buffer overflow triggered by setting document.location.hash to an excessively long string, allowing remote attackers to cause a crash (DoS) and possibly other unspecified effects...

5CVSS6.8AI score0.0304EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2007/08/14 6:17 p.m.1 views

DEBIAN-CVE-2007-4337

Multiple buffer overflows in the httplibparsescheader function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long 1 Location and 2 Server HTTP headers, a different vulnerability than CVE-2006-3124...

5.8CVSS8.3AI score0.03506EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2007/08/14 6:0 p.m.41 views

CVE-2007-4337

Multiple buffer overflows in the httplibparsescheader function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long 1 Location and 2 Server HTTP headers, a different vulnerability than CVE-2006-3124...

5.8CVSS7.4AI score0.03506EPSS
Exploits0
NVD
NVD
added 2007/08/08 1:17 a.m.17 views

CVE-2007-4196

icat in Brian Carrier The Sleuth Kit TSK before 2.09 misinterprets a certain memory location as the holder of a loop iteration count, which allows user-assisted remote attackers to cause a denial of service long loop and prevent examination of certain NTFS files via a malformed NTFS image...

4.3CVSS6.5AI score0.01246EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2007/08/08 1:17 a.m.24 views

CVE-2007-4196

icat in Brian Carrier The Sleuth Kit TSK before 2.09 misinterprets a certain memory location as the holder of a loop iteration count, which allows user-assisted remote attackers to cause a denial of service long loop and prevent examination of certain NTFS files via a malformed NTFS image...

4.3CVSS6AI score0.01246EPSS
Exploits0References1
CVE
CVE
added 2007/08/08 1:11 a.m.47 views

CVE-2007-4196

The vulnerability CVE-2007-4196 affects icat in The Sleuth Kit (TSK) prior to 2.09. The flaw arises when icat misinterprets a memory location as the loop iteration counter, enabling user-assisted remote attackers to trigger a long loop DoS and to hinder examination of certain NTFS files via a mal...

4.3CVSS6.5AI score0.01246EPSS
Exploits0References5Affected Software1
Exploit DB
Exploit DB
added 2007/08/06 12:0 a.m.51 views

Prozilla Pub Site Directory - 'Directory.php?cat' SQL Injection

--==+================================================================================+==-- --==+ Prozilla Pub Site Directory SQL Injection Vulnerbility +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SITE: prozilla.com DORK...

7.4AI score
Exploits0
Prion
Prion
added 2007/07/24 12:30 a.m.35 views

Cross site request forgery (csrf)

request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service daemon crash by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault...

5.8CVSS6.6AI score0.08072EPSS
Exploits2References13Affected Software1
Debian CVE
Debian CVE
added 2007/07/24 12:0 a.m.34 views

CVE-2007-3947

request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service daemon crash by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault...

5.8CVSS6.2AI score0.08072EPSS
Exploits2
securityvulns
securityvulns
added 2007/07/15 12:0 a.m.24 views

Opera/Konqueror URL spoofing

By using data: URL it's possible to spoof page location...

1.4AI score
Exploits0References1Affected Software2
Prion
Prion
added 2007/07/03 10:30 a.m.24 views

Cross site scripting

Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, ...

8.5CVSS6.1AI score0.01502EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2007/06/06 9:30 p.m.21 views

Code injection

Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks...

9.3CVSS7.2AI score0.19976EPSS
Exploits1References9Affected Software1
Rows per page
Query Builder