GHSA-XXV8-PV43-57X5 PEAR core file overwrite vulnerability

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite...

NetTransport 2.96L - Buffer Overflow (DEP Bypass) Exploit

Exploit for windows platform in category remote exploits Exploit Title: Buffer overflow in NetTransport Download Manager - Version 2.96L DEP Bypass CVE: CVE-2017-17968 Date: 28-12-2017 Software Link: http://xi-soft.com/downloads/NXSetupx86.zip Exploit Author: Author: Aloyce J. Makalanga Contact:...

CVE-2017-17849

A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response...

CVE-2016-3956

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers...

Authorization

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers...

Stack overflow

Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes ESI responses...

CVE-2016-2570

The Edge Side Includes ESI parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a crafted XML document, related to esi/CustomParser.cc and...

Design/Logic Flaw

http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a malformed response...

CVE-2013-4352

The cacheinvalidate function in modules/cache/cachestorage.c in the modcache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service NULL pointer dereference and daemon crash via vectors that trigger a missing hostna...

CVE-2013-4352

The cacheinvalidate function in modules/cache/cachestorage.c in the modcache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service NULL pointer dereference and daemon crash via vectors that trigger a missing hostna...

CVE-2013-6485

Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service application crash or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data...

CVE-2012-1180

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request...

CVE-2012-1180

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request...

CVE-2012-1180

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request...

Medium: nginx

Issue Overview: Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. Affected Packages: nginx Issue Correction: Run yum updat...

CVE-2010-0556

browser/login/loginprompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication,...

CVE-2010-0556

CVE-2010-0556 describes a cross-origin weakness in Google Chrome’s Password Manager where credentials stored for one site could be populated into an authentication dialog triggered by a third-party page (demonstrated via IMG src). Affected versions include Chrome 3.0.195.38 and 4.0.249.78; Chrome...

Buffer overflow

Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers to cause a denial of service application crash or possibly execute arbitrary code via a crafted response...

CVE-2009-2121

Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers to cause a denial of service application crash or possibly execute arbitrary code via a crafted response...

Mandriva Update for apache MDVSA-2008:195 (apache)

Check for the Version of apache OpenVAS Vulnerability Test Mandriva Update for apache MDVSA-2008:195 apache Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...