3432 matches found
CVE-2004-1507
CVE-2004-1507 describes a CRLF injection flaw in WebCalendar’s login.php that allows remote attackers to inject CRLF sequences via the return_path parameter, enabling HTTP Response Splitting to alter server HTML content. The NVD entry lists a network attack vector with no authentication, low comp...
CVE-2004-1516
CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the blockusername parameter in the user module...
CVE-2004-1516
The CVE-2004-1516 entry corresponds to a CRLF injection (HTTP response splitting) vulnerability in phpWebSite 0.9.3-4, exploitable via the block_username parameter in the user module. The issue arises from insufficient input validation in the PHP application, enabling remote attackers to inject a...
CVE-2004-1470
The CVE-2004-1470 entry covers a CRLF injection vulnerability in SnipSnap, affecting SnipSnap 0.5.2a and other versions before 1.0b1. The issue enables HTTP Response Splitting to alter the server’s HTML output. Impact details are limited to the vulnerability allowing manipulation of content; expl...
CVE-2004-1470
CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server...
CVE-2005-0305
CVE-2005-0305 affects Siteman 1.1.10 and earlier. A CRLF injection vulnerability in users.php, triggered via the line parameter in a docreate operation, allows remote attackers with valid credentials to create arbitrary user accounts and gain privileges (administrative access). The root cause is ...
CVE-2005-0305
CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation...
CVE-2004-2208
CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to conduct HTTP response splitting attacks via unknown vectors...
CVE-2004-2512
CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the PHPSESSID parameter...
CVE-2004-1516
CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the blockusername parameter in the user module...
CVE-2004-2054
CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via 1 the mode parameter to privmsg.php or 2 the redirect parameter to login.php...
CVE-2004-1470
CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server...
CVE-2004-1166
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline "%0a" before the FTP command, which causes the commands to be inserted into the resulting FTP...
CVE-2004-1507
CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the returnpath parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server...
CVE-2004-2140
CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable...
CVE-2004-1584
CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter...
CVE-2004-1564
CRLF injection vulnerability in subscribethread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter...
CVE-2004-2146
CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp...
CVE-2004-1584
CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter...
CVE-2004-1166
CVE-2004-1166 describes a CRLF injection vulnerability in Internet Explorer 6.0.2800.1106 and earlier where an ftp:// URL containing a URL-encoded newline ("%0a") before the FTP command can cause the FTP commands to be injected into the session (e.g., via PORT). The connected MS06-042 bulletin do...