
5 matches found

Prion
added 2018/06/14 8:29 p.m. | 19 views

Design/Logic Flaw

An XXE issue was discovered in Automated Logic Corporation ALC WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via t...

5 CVSS | 7.4 AI score | 0.01463 EPSS
Exploits 2 | References 3 | Affected Software 1
Hacker One
added 2018/05/02 6:43 p.m. | 28 views

Cloudflare: Remote file inclusion using "/cdn-cgi/pe/bag2?r[]="

Grampae was able to load arbitrary resources into an HTML response form. The following header parameters provided an HTTP request back, although sometimes 30 minutes later: X-Forwarded-For, Client-IP, Referer, Contact, X-Wap-Profile, Forwarded, X-Originated-IP, X-Client-IP, From, User Agent. The resource...

0.4 AI score
Exploits 0
Prion
added 2011/04/04 12:27 p.m. | 22 views

Format string

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header...

10 CVSS | 8.2 AI score | 0.04348 EPSS
Exploits 1 | References 2 | Affected Software 2
seebug.org
added 2011/04/02 12:0 a.m. | 29 views

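RealNetworks Helix Server "x-wap-profile" Header Option Format String Handling Vulnerability

BUGTRAQ ID: 47110 CVE ID: CVE-2010-4235 RealNetwork Helix Server is multi-format, cross-platform streaming media server software that can publish high-quality multimedia content to any network location. Helix Server has a format string handling vulnerability when processing the "x-wap-profile" header option in requests; remote attackers can exploit this vulnerability to execute arbitrary code in the affected application or cause a denial of service. Real Networks Helix Mobile Server 14.0.0 Real Networks Helix Mobile Server 13.x Real Networks Helix Mobile...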

10 CVSS | 6.4 AI score | 0.04348 EPSS
Exploits 1
Zero Day Initiative
added 2011/04/01 12:0 a.m. | 53 views

RealNetworks Helix Server x-wap-profile Format String Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Helix Server products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rmserver.exe process. This process is active by default on all Helix Server...

10 CVSS | 5 AI score | 0.04348 EPSS
Exploits 1 | References 1