Lucene search
K

3432 matches found

CVE
CVE
added 2005/02/19 5:0 a.m.45 views

CVE-2004-1507

CVE-2004-1507 describes a CRLF injection flaw in WebCalendar’s login.php that allows remote attackers to inject CRLF sequences via the return_path parameter, enabling HTTP Response Splitting to alter server HTML content. The NVD entry lists a network attack vector with no authentication, low comp...

5CVSS6.7AI score0.01473EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2005/02/19 5:0 a.m.28 views

CVE-2004-1516

CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the blockusername parameter in the user module...

6.6AI score0.01604EPSS
Exploits1References6
CVE
CVE
added 2005/02/19 5:0 a.m.64 views

CVE-2004-1516

The CVE-2004-1516 entry corresponds to a CRLF injection (HTTP response splitting) vulnerability in phpWebSite 0.9.3-4, exploitable via the block_username parameter in the user module. The issue arises from insufficient input validation in the PHP application, enabling remote attackers to inject a...

5CVSS6.7AI score0.01604EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2005/02/13 5:0 a.m.75 views

CVE-2004-1470

The CVE-2004-1470 entry covers a CRLF injection vulnerability in SnipSnap, affecting SnipSnap 0.5.2a and other versions before 1.0b1. The issue enables HTTP Response Splitting to alter the server’s HTML output. Impact details are limited to the vulnerability allowing manipulation of content; expl...

5CVSS6.7AI score0.02437EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2005/02/13 5:0 a.m.29 views

CVE-2004-1470

CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server...

6.6AI score0.02437EPSS
Exploits1References5
CVE
CVE
added 2005/02/10 5:0 a.m.44 views

CVE-2005-0305

CVE-2005-0305 affects Siteman 1.1.10 and earlier. A CRLF injection vulnerability in users.php, triggered via the line parameter in a docreate operation, allows remote attackers with valid credentials to create arbitrary user accounts and gain privileges (administrative access). The root cause is ...

7.5CVSS7.2AI score0.07854EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2005/02/10 5:0 a.m.12 views

CVE-2005-0305

CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation...

7.2AI score0.07854EPSS
Exploits1References6
NVD
NVD
added 2004/12/31 5:0 a.m.19 views

CVE-2004-2208

CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to conduct HTTP response splitting attacks via unknown vectors...

5CVSS6.9AI score0.01336EPSS
Exploits0References3
NVD
NVD
added 2004/12/31 5:0 a.m.19 views

CVE-2004-2512

CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the PHPSESSID parameter...

4.3CVSS6.9AI score0.04592EPSS
Exploits1References6
NVD
NVD
added 2004/12/31 5:0 a.m.19 views

CVE-2004-1516

CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the blockusername parameter in the user module...

5CVSS6.7AI score0.01604EPSS
Exploits1References6
NVD
NVD
added 2004/12/31 5:0 a.m.18 views

CVE-2004-2054

CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via 1 the mode parameter to privmsg.php or 2 the redirect parameter to login.php...

5CVSS6.8AI score0.02223EPSS
Exploits1References4
NVD
NVD
added 2004/12/31 5:0 a.m.22 views

CVE-2004-1470

CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server...

5CVSS6.7AI score0.02437EPSS
Exploits1References5
NVD
NVD
added 2004/12/31 5:0 a.m.25 views

CVE-2004-1166

CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline "%0a" before the FTP command, which causes the commands to be inserted into the resulting FTP...

7.5CVSS7.6AI score0.39165EPSS
Exploits1References14
NVD
NVD
added 2004/12/31 5:0 a.m.18 views

CVE-2004-1507

CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the returnpath parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server...

5CVSS6.7AI score0.01473EPSS
Exploits1References4
NVD
NVD
added 2004/12/31 5:0 a.m.23 views

CVE-2004-2140

CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable...

5CVSS6.8AI score0.01041EPSS
Exploits0References2
NVD
NVD
added 2004/12/31 5:0 a.m.26 views

CVE-2004-1584

CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter...

5CVSS6.6AI score0.11226EPSS
Exploits1References6
NVD
NVD
added 2004/12/31 5:0 a.m.24 views

CVE-2004-1564

CRLF injection vulnerability in subscribethread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter...

5CVSS6.7AI score0.06053EPSS
Exploits1References6
NVD
NVD
added 2004/12/31 5:0 a.m.14 views

CVE-2004-2146

CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp...

5CVSS6.8AI score0.01252EPSS
Exploits1References4
OSV
OSV
added 2004/12/31 5:0 a.m.3 views

CVE-2004-1584

CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter...

6.9AI score
Exploits0References7
CVE
CVE
added 2004/12/10 5:0 a.m.107 views

CVE-2004-1166

CVE-2004-1166 describes a CRLF injection vulnerability in Internet Explorer 6.0.2800.1106 and earlier where an ftp:// URL containing a URL-encoded newline ("%0a") before the FTP command can cause the FTP commands to be injected into the session (e.g., via PORT). The connected MS06-042 bulletin do...

7.5CVSS7.7AI score0.39165EPSS
Exploits1References14Affected Software2
Rows per page
Query Builder