Searching url software vulnerabilities

Denial of service in MDaemon WorldClient and We

WorldClient | WebConfig | services | MDaemon | service | Denial | long | URL | via |

Denial of service in MDaemon WorldClient and WebConfig services via a long URL.


Baltimore Technologies WEBsweeper 4.02, when us

Technologies | WEBsweeper | Baltimore |

Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.


Ipswitch IMail 7.04 and earlier stores a user's

Ipswitch | IMail |

Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.


Finjan Software SurfinGate 6.0 and 6.0 1 allows

restrictions | SurfinGate | attackers | hostname | Software | instead | address | access | allows | remote | Finjan | bypass | URL | via |

Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL with an IP address instead of a hostname.


RealOne player allows remote attackers to execu

demonstrated | presentation | references | previously | arbitrary | scripting | attackers | Computer" | executed | security | protocol | RealOne | execute | context | script | remote | allows | player | loaded | using | which | zone | SMIL | "My | URL | via |

RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.


Internet Explorer 5.01 through 6 SP1 allows rem

Explorer | Internet |

Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."


Buffer overflow in the URL processor of Microso

processor | Microsoft | Internet | overflow | Explorer | Buffer | URL |

Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."


Multiple directory traversal vulnerabilities in

vulnerabilities | LogiSphere | arbitrary | attackers | traversal | directory | Multiple | remote | access | files | allow | 099j | via |

Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) "..." (triple dot), and (3) "..//" sequences in the URL, (4) "../" sequences in the source parameter to viewsource.jsp, or (5) "..\" (dot dot backslash) sequences in the NS-query-pat paramter to the search URL. URL.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg.


WmRoot/adapter-index.dsp in SAP Business Connec

WmRoot/adapter-indexdsp | Connector | attackers | spoofing | Business | earlier | conduct | remote | allows | Core | SAP | Fix |

WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame.


PHP remote file inclusion vulnerability in spip

spip_loginphp3 | vulnerability | inclusion | remote | SPIP | file | PHP |

PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.


SQL injection vulnerability in login.php in You

YourFreeWorldcom | vulnerability | parameter | arbitrary | injection | attackers | loginphp | commands | execute | Tracker | remote | Script | allows | Short | SQL | via | Url |

SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the URL submission form in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to inject arbitrary web script or HTML via an unspecified form for submitting URLs.


Prodder before 0.5, and perlpodder before 0.5,

metacharacters | perlpodder | attackers | arbitrary | podcast | execute | Prodder | before | remote | allows | shell | code | URL | via |

Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget.


PHP remote file inclusion vulnerability in dix.

url_phpartenaire | vulnerability | PHPartenaire | attackers | parameter | arbitrary | inclusion | execute | dixphp3 | remote | allows | code | file | PHP | via | URL |

PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the url_phpartenaire parameter.


The Tools module in fx-APP 0.0.8.1 allows remot

fx-APP | module | Tools |

The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe.


Portal Search allows remote attackers to redire

attackers | arbitrary | top-level | redirect | placing | Portal | string | Search | allows | remote | query | site | URI | URL | web |

Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI.


Grok Developments NetProxy 4.03 allows remote a

Developments | NetProxy | Grok |

Grok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80).


Stack-based buffer overflow in the zip:// URL w

Stack-based | overflow | buffer |

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.


The get_url function in DODS_Dispatch.pm for th

DODS_Dispatchpm | metacharacters | CGI_server | attackers | arbitrary | function | commands | get_url | execute | OPeNDAP | allows | remote | shell | URL | via |

The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP 3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.


Software vulnerabilities results 1 to 20 of 2381     
Page: 12345...120