1826 matches found
Ubuntu 4.10 / 5.04 : apache vulnerability (USN-160-2)
USN-160-1 fixed two vulnerabilities in the Apache 2 server. The old Apache 1 server was also vulnerable to one of the vulnerabilities (CAN-2005-2088). Please note that Apache 1 is not officially supported in Ubuntu (it is in the 'universe' component of the archive). For reference, this is the relevan...
CVE-2005-2830
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."...
CVE-2005-2830
CVE-2005-2830 is an information-disclosure vulnerability in Microsoft Internet Explorer 5.01/5.5/6 when using an HTTPS proxy that requires Basic Authentication, causing URLs to be sent in cleartext. The issue is documented in the HTTPS Proxy Vulnerability (CAN-2005-2830) and is addressed by Micro...
CVE-2005-4133
Sun Update Connection in Solaris 10, when configured to use a web proxy, may allow local users to obtain the proxy authentication password through an unspecified vector and proxy log files. The available sources describe the affected component and the impact (exposure of proxy credentials to loca...
H4-CREW-000003.txt
H4-CREW-000003 Advisory: Superclick XSS via popup.php Software: Superclick servers on the internet Discovered by: h4 Crew Severity: moderates investigations by the H4-Crew Impacts. 1 cookie theft 2 hijacking XSS proxy xssproxy.sourceforge.net Discussion ========= H4-CREW-000003 Superclick Cross-Si...
up-imapproxy Literal DoS Vulnerability
The remote host is running at least one instance of up-imapproxy that does not properly handle IMAP literals. This flaw allows a remote attacker to crash the proxy, killing existing connections as well as preventing new ones, by using literals at unexpected times. OpenVAS Vulnerability Test $Id:...
HTTP version number overflow
It was possible to kill the web server by sending an invalid GET request with a too long HTTP version field. A cracker may exploit this vulnerability to make your web server crash continually or even execute arbitrary code on your system. OpenVAS Vulnerability Test $Id: wwwtoolongversion.nasl 8023...
Simple Form Mail Relaying via Subject Tags Vulnerability
The target is running at least one instance of Simple Form which fails to remove newlines from variables used to construct message headers. SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective righ...
Connect back to SOCKS5 server
It was possible to connect to the SOCKS5 server through itself. SPDX-FileCopyrightText: 2005 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Compaq Web Based Management Agent Proxy Vulnerability
This host is running the Compaq Web Management Agent. This service can be used as an HTTP proxy. An attacker can use this to bypass firewall rules or hide the source of web-based attacks. SPDX-FileCopyrightText: 2002 Digital Defense Inc. Some text descriptions might be excerpted from a referenced...
Proxy accepts CONNECT requests to itself
The proxy allows the users to perform repeated CONNECT requests to itself. Note that if the proxy limits the number of connections from a single IP (e.g. acl maxconn with Squid), it is protected against saturation and you may ignore this alert. SPDX-FileCopyrightText: 2005 Michel Arboi Some text...
CuteNews 1.4.1 - Shell Injection / Remote Command Execution
CuteNews 1.4.1 remote commands execution...
SMS bombing (figure) - vulnerability warning - the black bar safety net
Phones and the network have long been inextricably linked: information can be sent directly to a phone over the network. There are currently no free SMS-sending websites; if you want a site to send text messages to your phone, you must first register as a user, and only after confirmation can you send...
squid -- FTP server response handling denial of service
A Secunia Advisory reports: M.A.Young has reported a vulnerability in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in handling certain FTP server responses. This can be exploited to crash Squid by visiting a...
Apache Httpd < 2.0.55 : HTTP Request Spoofing
A flaw occurred when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, causing Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server ...
BSD Command Shell, Find Tag Inline
Spawn a shell on an established connection proxy/nat safe This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 70 include Msf::Payload::Single include Msf::Payload::Bsd include...
Mandrake Linux Security Advisory : apache (MDKSA-2005:130)
Watchfire reported a flaw that occurred when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a 'Transfer-Encoding: chunked' header and a 'Content-Length' header which would cause Apache to incorrectly handle and forward the body of the request in a w...
lucid_cms_1011_expl.txt
Lucid CMS 1.0.11a remote commands execution. Lucid CMS V 1.0.11a (possibly prior versions) remote commands execution, a script by rgod at http://rgod.altervi...
DSA-828-1 squid - several
Bulletin has no description...