2442 matches found
EasyWebScripts eBay Clone Script SQL Injection
EasyWebScripts eBay Clone Script, Multiple Vulnerabilities Software Page: http://easywebscripts.com/productdetails.php?itemid=10 Script Demo: http://easywebscripts.com/ebay...
RHEL 6 : php (RHSA-2013:0514)
Updated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, whic...
PHP: sapi_header_op() %0D sequence handling security bypass
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betwe...
CentOS Update for httpd CESA-2013:0130 centos5
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS Update for httpd CESA-2013:0130 centos5
Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2013:0130 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Attacks via Request-Path + IE Bugs
An article of a couple of pages on this topic is coming soon (note: Хакер, April 2013). The idea is terribly banal, but the test results were very surprising, plus some interesting bugs were found. When testing, people often forget that not only Get/Post/Cookie parameters can be handled unsafely, but also the Request-URI /...
Scientific Linux Security Update : httpd on SL5.x i386/x86_64 (20130108)
Input sanitization flaws were found in the mod_negotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use these flaws to conduct cross-site scripting and HTTP response splitting attacks against users...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2013:0130 Updated httpd packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common...
Low: Red Hat Security Advisory: httpd security, bug fix, and enhancement update
Updated httpd packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give...
CVE-2011-2732
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter...
Crlf injection
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter...
BugTracker.NET Multiple Security Vulnerabilities
BugTracker.NET is prone to SQL injection or XSS or file disclosure or HTTP response splitting vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...
CVE-2012-4023
CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
Crlf injection
CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CVE-2012-4023
Pebble (open source weblog system) is vulnerable to a CRLF/HTTP header injection in versions prior to 2.6.4. The issue allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors, potentially forging content displayed to the user, executing...
MS Forefront Unified Access Gateway Remote Code Execution Vulnerabilities (2544641)
This host is missing an important security update according to Microsoft Bulletin MS11-079. OpenVAS Vulnerability Test $Id: secpodms11-079.nasl 5958 2017-04-17 09:02:19Z teissa $ MS Forefront Unified Access Gateway Remote Code Execution Vulnerabilities 2544641 Authors: Madhuri D Copyright:...
Microsoft Forefront Unified Access Gateway Remote Code Execution Vulnerabilities (2544641)
This host is missing an important security update according to Microsoft Bulletin MS11-079. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...