2770 matches found
security flaw
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF %0a bytes in the username attribute...
security flaw
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF %0a bytes in the username attribute...
Ruby CGI multipart parsing DoS
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and...
security flaw
The ispathabsolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service CPU consumption by tight loop via a "...." URL in an HTTP request...
DEBIAN-CVE-2005-2874
The ispathabsolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service CPU consumption by tight loop via a "...." URL in an HTTP request...
security flaw
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a certain HTTP request...
security flaw
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service CPU consumption via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters...
SureCom EP-9510AXEP-4504AX Network Device - Malformed Web Authorisation Request Denial of Service (2)
SureCom EP-9510AXEP-4504AX Network Device - Malformed Web Authorisation Request Denial of Service 2 // source: https://www.securityfocus.com/bid/9795/info An issue in the handling of specific web requests by SureCom network devices has been identified. By placing a malformed request to the web...
DEBIAN-CVE-2003-1083
Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request...
PT-2002-2538 · Atp · Atophttpd
Name of the Vulnerable Software and Affected Versions: ATPhttpd versions 0.4b and earlier Description: The issue is an off-by-one buffer overflow in the sock gets function in sockhelp.c, which allows remote attackers to execute arbitrary code via a long HTTP GET request. Recommendations: For...
Perception LiteServe 2.0 - CGI Source Disclosure
source: https://www.securityfocus.com/bid/6188/info By constructing a malicious web request, it is possible for a remote attacker to disclose the source code of CGI scripts. Information gained through exploiting this issue may aid an attacker in launching further attacks against the target system...
Perception LiteServe 2.0 - CGI Source Disclosure
Perception LiteServe 2.0 - CGI Source Disclosure source: https://www.securityfocus.com/bid/6188/info By constructing a malicious web request, it is possible for a remote attacker to disclose the source code of CGI scripts. Information gained through exploiting this issue may aid an attacker in...
Mollensoft Software Enceladus Server Suite 2.6.13.9 - Directory Traversal
Mollensoft Software Enceladus Server Suite 2.6.13.9 - Directory Traversal source: https://www.securityfocus.com/bid/6338/info It has been reported that Enceladus fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal...
MailReader.com 2.3.x - 'NPH-MR.cgi' File Disclosure
source: https://www.securityfocus.com/bid/6055/info A vulnerability exists in Mailreader.com which may enable remote attackers to disclose the contents of arbitrary webserver readable files. An attacker may exploit this issue by submitting a malicious web request containing dot-dot-slash ../...
CVE-2002-1069
The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages 1 release.htm, 2 Device Status, or 3 Device Information...
TightAuction 3.0 - Config.INC Information Disclosure
TightAuction 3.0 - Config.INC Information Disclosure source: https://www.securityfocus.com/bid/5850/info TightAuction is prone to an information disclosure vulnerability. The configuration file config.inc contains sensitive information such as database authentication credentials. It is possible f...
WoltLab Burning Board 2.0 - SQL Injection
WoltLab Burning Board 2.0 - SQL Injection source: https://www.securityfocus.com/bid/5675/info WoltLab is prone to SQL injection attacks. This is due to insufficient sanitization of parameters handled by the board.php script, which may be supplied externally via the query string in a web request...
Seanox DevWex Windows Binary 1.2002.520 - File Disclosure
Seanox DevWex Windows Binary 1.2002.520 - File Disclosure source: https://www.securityfocus.com/bid/4978/info The Seanox DevWex Windows binary version is prone to an issue which may cause arbitrary web-readable files to be disclosed to remote attackers. This problem occurs because DevWex does not...
PHProjekt 2.x/3.x - Authentication Bypass
source: https://www.securityfocus.com/bid/4596/info PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHPProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. Some of the...
PHProjekt 2.x3.x - Authentication Bypass
PHProjekt 2.x3.x - Authentication Bypass source: https://www.securityfocus.com/bid/4596/info PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHPProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft...