2442 matches found

OpenVAS
added 2012/09/22 12:0 a.m., 49 views

Ubuntu Update for php5 USN-1569-1

Ubuntu Update for Linux kernel vulnerabilities USN-1569-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15691.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for php5 USN-1569-1 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

CVSS 10, AI score 0.5, EPSS 0.11178
Exploits 3, References 2
Positive Technologies
added 2012/09/21 12:0 a.m., 13 views

PT-2013-33: CRLF Injection in Siemens Simatic WinCC TIA Portal

The specialists of the Positive Research center have detected "CRLF Injection" vulnerability in Siemens Simatic WinCC TIA Portal. If a user clicks on a malicious link which seems to lead to a HMI web application, it is possible to display any data to the user (HTTP response splitting). How to fix...

CVSS 4.3, AI score 6.5, EPSS 0.01539
Exploits 0, References 4
Tenable Nessus
added 2012/09/18 12:0 a.m., 40 views

Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : php5 vulnerabilities (USN-1569-1)

It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially crafted URL and inject arbitrary headers. (CVE-2011-1398, CVE-2012-4388) It was discovered that PHP incorrectly handled directories...

CVSS 10, AI score 8.3, EPSS 0.11178
Exploits 3, References 5
Ubuntu
added 2012/09/17 12:26 p.m., 65 views

USN-1569-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially-crafted URL and inject arbitrary headers. (CVE-2011-1398, CVE-2012-4388) It was discovered that PHP incorrectly handled directories...

CVSS 10, AI score 8.5, EPSS 0.11178
Exploits 3
securityvulns
added 2012/09/09 12:0 a.m., 72 views

HTTP Response Splitting and XSS vulnerabilities in IBM Lotus Domino

Hello 3APA3A! I want to warn you about HTTP Response Splitting and Cross-Site Scripting vulnerabilities in IBM Lotus Domino. At 15th of August IBM released the advisory concerning these Cross-Site Scripting vulnerabilities. CVE ID: CVE-2012-3301. ------------------------- Affected products:...

CVSS 4.3, AI score 0.4, EPSS 0.01467
Exploits 2
NVD
added 2012/09/07 10:55 p.m., 28 views

CVE-2012-4388

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improp...

CVSS 4.3, AI score 6.3, EPSS 0.04225
Exploits 2, References 11
Prion
added 2012/09/07 10:55 p.m., 25 views

Design/Logic Flaw

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improp...

CVSS 4.3, AI score 6.7, EPSS 0.10173
Exploits 2, References 11, Affected Software 3
Cvelist
added 2012/09/07 10:0 p.m., 34 views

CVE-2012-4388

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improp...

AI score 6.2, EPSS 0.04225
Exploits 2, References 11
CVE
added 2012/09/07 10:0 p.m., 89 views

CVE-2012-4388

CVE-2012-4388 affects PHP’s sapi_header_op in main/SAPI.c, where the pointer handling for %0D (carriage return) sequences can bypass HTTP response-splitting protections via crafted URLs. Affected are PHP 5.4.0RC2 through 5.4.0 (and related branches noted in downstream advisories), with remediatio...

CVSS 4.3, AI score 6.3, EPSS 0.04225
Exploits 2, References 11, Affected Software 1
UbuntuCve
added 2012/09/07 12:0 a.m., 34 views

CVE-2012-4388

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improp...

CVSS 4.3, AI score 5.9, EPSS 0.04225
Exploits 2, References 4
Tenable Nessus
added 2012/09/06 12:0 a.m., 43 views

Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2011:142)

Security issues were identified and fixed in mozilla firefox and thunderbird : Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote...

CVSS 10, AI score 9, EPSS 0.05312
Exploits 3, References 12
seebug.org
added 2012/09/04 12:0 a.m., 38 views

IBM Lotus Domino 8.5.3 XSS / HTTP Response Splitting

No description provided by source. This month at 15th of August IBM released the advisory about IBM Lotus Domino Cross-Site Scripting and HTTP Response Splitting vulnerabilities, which I've informed them about in May. This is only the part of all vulnerabilities, which I've found in their softwar...

CVSS 4.3, AI score 6.5, EPSS 0.01467
Exploits 3
securityvulns
added 2012/09/02 12:0 a.m., 75 views

IBM Lotus Domino Cross-Site Scripting and HTTP Response Splitting vulnerabilities

Hello 3APA3A! This month at 15th of August IBM released the advisory about IBM Lotus Domino Cross-Site Scripting and HTTP Response Splitting vulnerabilities, which I've informed them about in May. This is only the part of all vulnerabilities, which I've found in their software, and they are worki...

CVSS 4.3, AI score 0.2, EPSS 0.01467
Exploits 3
NVD
added 2012/08/30 10:55 p.m., 16 views

CVE-2011-1398

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betwe...

CVSS 4.3, AI score 6.3, EPSS 0.10173
Exploits 0, References 10
Prion
added 2012/08/30 10:55 p.m., 24 views

Design/Logic Flaw

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betwe...

CVSS 4.3, AI score 6.9, EPSS 0.10173
Exploits 0, References 10, Affected Software 1
Cvelist
added 2012/08/30 10:0 p.m., 22 views

CVE-2011-1398

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betwe...

AI score 6.2, EPSS 0.10173
Exploits 0, References 10
UbuntuCve
added 2012/08/30 12:0 a.m., 32 views

CVE-2011-1398

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betwe...

CVSS 4.3, AI score 5.9, EPSS 0.10173
Exploits 0, References 5
Prion
added 2012/08/21 10:46 a.m., 23 views

Crlf injection

Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers...

CVSS 4.3, AI score 7.5, EPSS 0.01467
Exploits 2, References 3, Affected Software 1
Cvelist
added 2012/08/21 10:0 a.m., 29 views

CVE-2012-3301

Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers...

AI score 6.9, EPSS 0.01467
Exploits 2, References 3
OwnCloud
added 2012/08/10 5:9 p.m., 52 views

HTTP header injection - ownCloud

A Header injection vulnerability in ownCloud before 4.0.8 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the HTTP url path parameter to index.php. Affected Software ownCloud Server 4.0.8 CVE-2012-5057 Action Taken It is...

CVSS 4.3, AI score 6.6, EPSS 0.01022
Exploits 0, Affected Software 1