2442 matches found
CVE-2011-4237
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu186...
Crlf injection
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu186...
CVE-2011-4237
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu186...
CVE-2011-4237
The CVE-2011-4237 issue is a CRLF injection/HTTP response-splitting vulnerability in CiscoWorks Common Services 4.0 used with Cisco Prime LAN Management Solution and related products. Root cause: improper sanitization of user input in Autologin.jsp, enabling an unauthenticated remote attacker to ...
CVE-2011-3285
CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances ASA 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101...
CVE-2011-3285
CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances ASA 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101...
CVE-2011-3285
CVE-2011-3285 describes a CRLF injection in the Cisco ASA 5500 series, affecting software versions 8.0 through 8.4 in the /+CSCOE+/logon.html endpoint. The vulnerability allows remote attackers to inject arbitrary HTTP headers and carry out HTTP response splitting via unspecified vectors (Bug ID ...
PHP 5.4.x < 5.4.1 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.1, and, therefore, potentially affected by multiple vulnerabilities : - The '$FILES' variable can be corrupted because the names of uploaded files are not properly validated. CVE-2012-1172 - The...
HTTP Response Splitting in Oracle Enterprise Manager (pageName parameter) (CVE-2012-0527)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory HTTP Response Splitting in Oracle Enterprise Manager pageName parameter. Risk Level: Medium Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7, 11.2.0.3 and previous patchsets Orac...
HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter) (CVE-2012-0526)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory HTTP Response Splitting in Oracle Enterprise Manager prevPage parameter. Risk Level: Medium Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7, 11.2.0.3 and previous patchsets Orac...
Mobile Mp3 Search Engine HTTP Response Splitting
-=--------------------ADVISORY-------------------=- Mobile Mp3 Search Engine 2.0 Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mobile Mp3 Search Engine -=+ Version: 2.0 -=+ Vendor's URL:...
Promise WebPAM 2.2.0.13 Cross Site Scripting / SQL Injection
Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities Vendor: Promise Technology, Inc. Product web page: http://www.promise.com Affected version: 2.2.0.13 Summary: WebPAM is a web based Promise Array Management Software that's easy-to use, designed to simplify RAID storage management. WebPAM i...
promise webpam 2.2.0.13 - Multiple Vulnerabilities
Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities Vendor: Promise Technology, Inc. Product web page: http://www.promise.com Affected version: 2.2.0.13 Summary: WebPAM is a web based Promise Array Management Software that's easy-to use, designed to simplify RAID storage management. WebPAM i...
promise webpam 2.2.0.13 - Multiple Vulnerabilities
promise webpam 2.2.0.13 - Multiple Vulnerabilities Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities Vendor: Promise Technology, Inc. Product web page: http://www.promise.com Affected version: 2.2.0.13 Summary: WebPAM is a web based Promise Array Management Software that's easy-to use,...
Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities
Exploit for php platform in category web applications Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities Vendor: Promise Technology, Inc. Product web page: http://www.promise.com Affected version: 2.2.0.13 Summary: WebPAM is a web based Promise Array Management Software that's easy-to use,...
Mobile MP3 Search Engine 2.0 HTTP Response Splitting
-=--------------------ADVISORY-------------------=- Mobile Mp3 Search Engine 2.0 Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mobile Mp3 Search Engine -=+ Version: 2.0 -=+ Vendor's URL:...
Mobile Mp3 Search Script 2.0 - dl.php HTTP Response Splitting
Mobile Mp3 Search Script 2.0 - dl.php HTTP Response Splitting source: https://www.securityfocus.com/bid/52136/info Mobile Mp3 Search Script is prone to an HTTP-response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to...
Mobile Mp3 Search Script 2.0 - 'dl.php' HTTP Response Splitting
source: https://www.securityfocus.com/bid/52136/info Mobile Mp3 Search Script is prone to an HTTP-response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or...
CVE-2011-4512
CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows...
Crlf injection
CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows...