| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 14573 | 2005-03-02 | HTTP Anti Virus Proxy Archive Scanning Failure | (Description Provided by CVE): Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 prevents viruses from being properly detected in certain files such as (1) .CAB or (2) .ZIP files. |
| 22876 | 2006-01-26 | HTTP Anti Virus Proxy Multiple AV Scanner Failure | Unknown / Incomplete |
| 32986 | 2007-01-29 | HTTP Commander Default.aspx txtUsername Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 2780 | 2003-11-06 | HTTP Commander file Variable Traversal Path Disclosure | HTTP Commander V4.0 contains a flaw that may allow a malicious user to traverse directories. A remote attacker could send a specially-crafted HTTP request to the Openfile.aspx or Html.aspx script containing "dot dot" (/../) sequences in the file parameter to traverse directories and view directory listings and arbitrary files outside of the Web root directory. |
| 32985 | 2007-01-29 | HTTP Commander logofflast.aspx LogoffMessage Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 37388 | 2006-12-21 | Http Explorer Web Server URI Traversal Arbitrary File Access | (Description Provided by CVE): Directory traversal vulnerability in Http explorer 1.02 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the URI. |
| 59839 | 2003-01-05 | HTTP Fetcher URL Request http_fetch Function Overflow | (Description Provided by CVE): Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a long (1) host, (2) referer, or (3) userAgent value. |
| 43299 | 2004-04-11 | HTTP File Server (HFS) "Get passworded URL" Unspecified Password Disclosure | Unknown / Incomplete |
| 43304 | 2007-01-28 | HTTP File Server (HFS) "Show Customized Options" Password Disclosure | Unknown / Incomplete |
| 42509 | 2008-01-23 | HTTP File Server (HFS) Account Name Log Overflow DoS | (Description Provided by CVE): HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name. |
| 42508 | 2008-01-23 | HTTP File Server (HFS) Account Name Logging Traversal Arbitrary File / Directory Manipulation | (Description Provided by CVE): Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data. |
| 42511 | 2008-01-23 | HTTP File Server (HFS) base64 Representation Basic Authentication Log File Arbitrary Text Injection | (Description Provided by CVE): HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication. |
| 42513 | 2008-01-23 | HTTP File Server (HFS) Basic Authentication Crafted Element Request Information Disclosure | (Description Provided by CVE): HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as `<id>%version%</id>` in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL. |
| 42510 | 2008-01-23 | HTTP File Server (HFS) Basic Authentication Log Request Audit Weakness | (Description Provided by CVE): HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request. |
| 43303 | 2007-01-28 | HTTP File Server (HFS) Crafted Graph Request DoS | Unknown / Incomplete |
| 63906 | 2010-04-19 | HTTP File Server (HFS) HTTP Request % Character Remote DoS | Unknown / Incomplete |
| 63905 | 2010-04-19 | HTTP File Server (HFS) HTTP Request Null Byte Character Folder Permission Restriction Bypass | Unknown / Incomplete |
| 43302 | 2006-11-30 | HTTP File Server (HFS) Title Bar Build Version Information Disclosure | Unknown / Incomplete |
| 42507 | 2007-12-06 | HTTP File Server (HFS) Traversal Arbitrary File Upload | Unknown / Incomplete |
| 43297 | 2004-04-11 | HTTP File Server (HFS) Unspecified DoS | Unknown / Incomplete |
| 42512 | 2008-01-23 | HTTP File Server (HFS) URL userinfo subcomponent XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL. |
| 43296 | 2003-10-20 | HTTP File Server (HFS) User Ban Access Persistence Weakness | Unknown / Incomplete |
| 43298 | 2004-04-11 | HTTP File Server (HFS) Username Case Insensitivity Weakness | Unknown / Incomplete |
| 43300 | 2006-03-27 | HTTP File Server (HFS) ~files.lst Filename Information Disclosure | Unknown / Incomplete |
| 43301 | 2006-10-24 | HTTP File Server (HFS) ~files.lst Unspecified Issue | Unknown / Incomplete |
| 34339 | 2007-05-07 | HTTP File Uploader ActiveX (UFileUploaderD.dll) AddFile Method Overflow | (Description Provided by CVE): Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument. |
| 38628 | 2007-06-20 | HTTP Server httpsv.exe Encoded Space Source Code Disclosure | (Description Provided by CVE): httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space). |
| 50249 | 2008-04-28 | HTTP Time Protocol (htp) Multiple Unspecified Overflows | Unknown / Incomplete |
| 50250 | 2008-08-06 | HTTP Time Protocol (htp) Time Offset Handling Overflow | Unknown / Incomplete |
| 90741 | 2013-01-14 | httparty Gem for Ruby Type Casting Parameter Parsing Remote Code Execution | httparty Gem for Ruby contains a flaw that is triggered when a type casting error occurs during the parsing of parameters. This may allow a context-dependent attacker to potentially execute arbitrary code. |