Sun Web Proxy multiple buffer overflows
Multiple buffer overflows in SOCKS server...
cisco-input.txt
Cisco CallManager 4.1 Input Validation Vulnerability scip AG Vulnerability ID 2977 03/13/2007 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977 I. INTRODUCTION Cisco CallManager, short CCM, is a professional voice-over-IP solution that tracks active components, including among others phones,...
Privilege escalation
The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet...
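Squid Proxy FTP URI Remote Denial of Service Vulnerability
Squid is an open-source proxy server. Squid has a security issue in its handling of FTP URIs that remote attackers can exploit to cause a denial of service against the application. A crafted malicious FTP URI, when processed by Squid, can crash the proxy server: ftp://www.example.com/sample/directory;type=d Squid Web Proxy Cache 2.6.STABLE6 Squid Web Proxy Cache 2.6.STABLE5 Squid Web Proxy Cache 2.6.STABLE4 Squid Web Proxy Cache 2.6.STABLE3 Squid Web...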
[SECURITY] Fedora Core 5 Update: squid-2.5.STABLE14-3.FC5
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...
PT-2006-5778 · Matrix · Matrix
Name of the Vulnerable Software and Affected Versions: Matrix versions after 3.8 Description: The issue allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq content src parameter. This can be used to access arbitrary sites with the server's IP...
PT-2006-5777 · Mysource · Mysource Matrix +1
Name of the Vulnerable Software and Affected Versions: MySource Matrix versions 3.8 and earlier MySource versions 2.x Description: The issue allows remote attackers to use the application as an HTTP proxy server via the sq remote page url parameter, enabling access to arbitrary sites with the...
CVE-2006-4450
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request...
CVE-2006-4450
CVE-2006-4450 affects PHPBB 2.0.20 when avatar uploading is enabled: the usercp_avatar.php avatarurl parameter is used to fetch a URL via HTTP GET, enabling an attacker to co-opt the server as a web proxy. The public description specifies the exploit path and impact as a proxy-like use, with CVSS...
[SA21438] MojoGallery "admin.cgi" Cross-Site Scripting Vulnerabilities
[Full-disclosure] [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting
F5 FirePass 4100 prior 6.x multiple Cross Site Scripting scip AG Vulnerability ID 2352 07/04/2006 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352 I. INTRODUCTION F5 FirePass is an appliance which allows a remote communication between SSL-VPN endpoints. This secure connectivity to corporate...
CentOS 3 / 4 : squid (CESA-2005:766)
An updated Squid package that fixes security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A bug was found in the way Squid displays error messages. A remote attacker could...
GLSA-200606-05 : Pound: HTTP request smuggling
The remote host is affected by the vulnerability described in GLSA-200606-05 Pound: HTTP request smuggling Pound fails to handle HTTP requests with conflicting 'Content-Length' and 'Transfer-Encoding' headers correctly. Impact : An attacker could exploit this vulnerability by sending HTTP request...
CVE-2005-4806
CVE-2005-4806 affects Sun Java System Web Proxy Server 3.6 SP7 and earlier. The vulnerability is described as multiple unspecified remote vulnerabilities that allow an attacker to cause a denial of service (unresponsive service) via unknown vectors. The provided sources identify the affected prod...
CVE-2005-4806
Multiple unspecified vulnerabilities in Sun Java System Web Proxy Server 3.6 SP7 and earlier allow remote attackers to cause a denial of service (unresponsive service) via unknown vectors...
Write-up by Amit Klein: "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)"
IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning) Or "Exploiting the XmlHttpRequest object in IE" part II Amit Klein, May 2006 Preface ======= When I published my "Exploiting the XmlHttpRequest object in IE - Referrer spoofing and a lot more..." [1] paper, I only...
Code injection
Unspecified vulnerability in the (1) web cache or (2) web proxy in Fujitsu NetShelter/FW allows remote attackers to cause a denial of service (device unresponsiveness) via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite...
CVE-2006-2240
Unspecified vulnerability in the (1) web cache or (2) web proxy in Fujitsu NetShelter/FW allows remote attackers to cause a denial of service (device unresponsiveness) via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite...