
2442 matches found

NVD
added 2012/05/03 10:11 a.m. | 13 views

CVE-2011-4237

CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu186...

4.3 CVSS | 6.9 AI score | 0.01168 EPSS
Exploits: 0 | References: 3

Prion
added 2012/05/03 10:11 a.m. | 14 views

Crlf injection

CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu186...

4.3 CVSS | 7.5 AI score | 0.01168 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2012/05/03 10:0 a.m. | 19 views

CVE-2011-4237

CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu186...

6.9 AI score | 0.01168 EPSS
Exploits: 0 | References: 3

CVE
added 2012/05/03 10:0 a.m. | 66 views

CVE-2011-4237

The CVE-2011-4237 issue is a CRLF injection/HTTP response-splitting vulnerability in CiscoWorks Common Services 4.0 used with Cisco Prime LAN Management Solution and related products. Root cause: improper sanitization of user input in Autologin.jsp, enabling an unauthenticated remote attacker to ...

4.3 CVSS | 7.2 AI score | 0.01168 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2012/05/02 10:9 a.m. | 15 views

CVE-2011-3285

CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances ASA 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101...

5 CVSS | 7 AI score | 0.02034 EPSS
Exploits: 0 | References: 3

Cvelist
added 2012/05/02 10:0 a.m. | 24 views

CVE-2011-3285

CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances ASA 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101...

7 AI score | 0.02034 EPSS
Exploits: 0 | References: 3

CVE
added 2012/05/02 10:0 a.m. | 54 views

CVE-2011-3285

CVE-2011-3285 describes a CRLF injection in the Cisco ASA 5500 series, affecting software versions 8.0 through 8.4 in the /+CSCOE+/logon.html endpoint. The vulnerability allows remote attackers to inject arbitrary HTTP headers and carry out HTTP response splitting via unspecified vectors (Bug ID ...

5 CVSS | 7.2 AI score | 0.02034 EPSS
Exploits: 0 | References: 3 | Affected Software: 2

Tenable Nessus
added 2012/05/02 12:0 a.m. | 53 views

PHP 5.4.x < 5.4.1 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.1, and, therefore, potentially affected by multiple vulnerabilities : - The '$FILES' variable can be corrupted because the names of uploaded files are not properly validated. CVE-2012-1172 - The...

5.8 CVSS | 8.3 AI score | 0.06365 EPSS
Exploits: 4 | References: 7

securityvulns
added 2012/04/22 12:0 a.m. | 74 views

HTTP Response Splitting in Oracle Enterprise Manager (pageName parameter) (CVE-2012-0527)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory HTTP Response Splitting in Oracle Enterprise Manager pageName parameter. Risk Level: Medium Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7, 11.2.0.3 and previous patchsets Orac...

4.3 CVSS | 5.9 AI score | 0.01927 EPSS
Exploits: 0

securityvulns
added 2012/04/22 12:0 a.m. | 69 views

HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter) (CVE-2012-0526)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory HTTP Response Splitting in Oracle Enterprise Manager prevPage parameter. Risk Level: Medium Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7, 11.2.0.3 and previous patchsets Orac...

4.3 CVSS | 5.9 AI score | 0.01927 EPSS
Exploits: 0

securityvulns
added 2012/03/19 12:0 a.m. | 62 views

Mobile Mp3 Search Engine HTTP Response Splitting

-=--------------------ADVISORY-------------------=- Mobile Mp3 Search Engine 2.0 Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mobile Mp3 Search Engine -=+ Version: 2.0 -=+ Vendor's URL:...

6.4 AI score
Exploits: 0

Packet Storm
added 2012/03/08 12:0 a.m. | 24 views

Promise WebPAM 2.2.0.13 Cross Site Scripting / SQL Injection

Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities Vendor: Promise Technology, Inc. Product web page: http://www.promise.com Affected version: 2.2.0.13 Summary: WebPAM is a web based Promise Array Management Software that's easy-to use, designed to simplify RAID storage management. WebPAM i...

0.2 AI score
Exploits: 0

Exploit DB
added 2012/03/07 12:0 a.m. | 42 views

promise webpam 2.2.0.13 - Multiple Vulnerabilities

Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities Vendor: Promise Technology, Inc. Product web page: http://www.promise.com Affected version: 2.2.0.13 Summary: WebPAM is a web based Promise Array Management Software that's easy-to use, designed to simplify RAID storage management. WebPAM i...

7.4 AI score
Exploits: 0

exploitpack
added 2012/03/07 12:0 a.m. | 15 views

promise webpam 2.2.0.13 - Multiple Vulnerabilities

promise webpam 2.2.0.13 - Multiple Vulnerabilities Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities Vendor: Promise Technology, Inc. Product web page: http://www.promise.com Affected version: 2.2.0.13 Summary: WebPAM is a web based Promise Array Management Software that's easy-to use,...

0.3 AI score
Exploits: 0

0day.today
added 2012/03/07 12:0 a.m. | 24 views

Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities

Exploit for php platform in category web applications Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities Vendor: Promise Technology, Inc. Product web page: http://www.promise.com Affected version: 2.2.0.13 Summary: WebPAM is a web based Promise Array Management Software that's easy-to use,...

7.1 AI score
Exploits: 0

Packet Storm
added 2012/02/24 12:0 a.m. | 30 views

Mobile MP3 Search Engine 2.0 HTTP Response Splitting

-=--------------------ADVISORY-------------------=- Mobile Mp3 Search Engine 2.0 Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mobile Mp3 Search Engine -=+ Version: 2.0 -=+ Vendor's URL:...

7.4 AI score
Exploits: 0

exploitpack
added 2012/02/23 12:0 a.m. | 14 views

Mobile Mp3 Search Script 2.0 - dl.php HTTP Response Splitting

Mobile Mp3 Search Script 2.0 - dl.php HTTP Response Splitting source: https://www.securityfocus.com/bid/52136/info Mobile Mp3 Search Script is prone to an HTTP-response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to...

7.4 AI score
Exploits: 0

Exploit DB
added 2012/02/23 12:0 a.m. | 19 views

Mobile Mp3 Search Script 2.0 - 'dl.php' HTTP Response Splitting

source: https://www.securityfocus.com/bid/52136/info Mobile Mp3 Search Script is prone to an HTTP-response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or...

7.4 AI score
Exploits: 0

NVD
added 2012/02/03 8:55 p.m. | 27 views

CVE-2011-4512

CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows...

5 CVSS | 6.8 AI score | 0.01752 EPSS
Exploits: 0 | References: 2

Prion
added 2012/02/03 8:55 p.m. | 18 views

Crlf injection

CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows...

5 CVSS | 7.3 AI score | 0.01752 EPSS
Exploits: 0 | References: 2 | Affected Software: 3