Searching http software vulnerabilities

Novell NetWare with Novell-HTTP-Server or YAWN

Novell-HTTP-Server | attackers | requests | conduct | service | servers | NetWare | denial | number | allows | remote | Novell | large | HTTP | YAWN | web | GET | via |

Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remote attackers to conduct a denial of service via a large number of HTTP GET requests.


Directory traversal vulnerability in SEDUM HTTP

vulnerability | arbitrary | attackers | traversal | Directory | remote | allows | Server | SEDUM | files | HTTP | read | via |

Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the HTTP GET request.


SEDUM 2.1 HTTP server allows remote attackers t

arbitrary | attackers | possibly | commands | service | request | execute | denial | allows | server | remote | SEDUM | cause | long | HTTP | via |

SEDUM 2.1 HTTP server allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.


Buffer overflow in A1 HTTP server 1.0a allows r

attackers | arbitrary | commands | possibly | overflow | execute | request | service | denial | server | Buffer | remote | allows | cause | long | HTTP | 10a | via |

Buffer overflow in A1 HTTP server 1.0a allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.


Directory traversal vulnerability in A1 HTTP se

vulnerability | arbitrary | attackers | traversal | Directory | remote | allows | server | files | HTTP | read | via | 10a |

Directory traversal vulnerability in A1 HTTP server 1.0a allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.


Bajie HTTP JServer 0.78 allows remote attackers

JServer | Bajie | HTTP |

Bajie HTTP JServer 0.78 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.


Orange Web Server 2.1, based on GoAhead, allows

attacker | GoAhead | perform | service | include | version | request | denial | Orange | Server | remote | allows | based | does | HTTP | Web | not | via | GET |

Orange Web Server 2.1, based on GoAhead, allows a remote attacker to perform a denial of service via an HTTP GET request that does not include the HTTP version.


Lil HTTP Server 2.1 allows remote attackers to

password-protected | attackers | request | remote | Server | allows | files | HTTP | read | Lil | via |

Lil HTTP Server 2.1 allows remote attackers to read password-protected files via a /./ in the HTTP request.


Directory traversal vulnerability in the HTTP s

vulnerability | arbitrary | attackers | Directory | traversal | allows | remote | server | Studio | files | read | HTTP | via | BPM | Pro |

Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.


Buffer overflow in the HttpGetRequest function

HttpGetRequest | arbitrary | attackers | function | overflow | request | execute | remote | Buffer | server | allows | Zeroo | long | HTTP | code | via |

Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1.5 allows remote attackers to execute arbitrary code via a long HTTP request.


Directory traversal vulnerability in Lil' HTTP

vulnerability | arbitrary | attackers | traversal | Directory | remote | allows | server | files | Lil' | HTTP | read | via |

Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.


Tiny Server 1.1 allows remote attackers to caus

attackers | service | denial | remote | Server | allows | cause | Tiny |

Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via malformed HTTP requests such as (1) a GET request without the HTTP version (HTTP/1.1), or (2) a request without GET or the HTTP version.


The Apache HTTP server before 1.3.34, and 2.0.x

server | before | Apache | HTTP |

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."


The HTTP Inspect preprocessor (http_inspect) in

preprocessor | Inspect | HTTP |

The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration.


IBM Director before 5.10 allows remote attacker

Director | before | IBM |

IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE.


CRLF injection vulnerability in (1) include/inc

vulnerability | injection | CRLF |

CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).


The http_open function in httpget.c in mpg123 b

http_open | httpgetc | function | before | mpg123 |

The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.


SQL injection vulnerability in index.php in Fra

vulnerability | Francisco | arbitrary | Referers" | attackers | injection | commands | indexphp | PHP-Nuke | execute | enabled | earlier | Referer | header | remote | allows | Final | Burzi | block | "HTTP | HTTP | SQL | via |

SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).


http.c in MiniWeb Http Server 0.8.x allows remo

attackers | MiniWeb | service | remote | denial | allows | Server | httpc | cause | Http | 08x |

http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header.


Multiple SQL injection vulnerabilities in downl

vulnerabilities | downloadphp | injection | Download | Multiple | Olate | SQL |

Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header.


Software vulnerabilities results 1 to 20 of 1088     
Page: 12345...55