Lucene search
K

2442 matches found

Packet Storm
Packet Storm
added 2011/11/28 12:0 a.m.27 views

Manx 1.0.1 HTTP Response Splitting

==============+==============+==============+============== Manx cms.xml 1.0.1 Multiple HTTP Response Splitting Vulnerabilities Vendor: Paul Jova Product web page: http://manx.jovascript.com Affected version: 1.0.1 Summary: Manx is a Content Management System that uses xml text files to store the...

7.4AI score
Exploits0
myhack58
myhack58
added 2011/11/23 12:0 a.m.16 views

Lenovo based information distribution system the presence of a CRLF injection/HTTP response splitting-vulnerability warning-the black bar safety net

Brief description: It is a remote attacker to inject custom HTTP headers. The attacker can inject a session cookie or HTML code. This may be theXSS(cross-site scripting or session fixation vulnerability. Detailed description: URL-encoded input langid set SomeCustomInjectedHeader: the injectedbywv...

7AI score
Exploits0
exploitpack
exploitpack
added 2011/11/23 12:0 a.m.14 views

Prestashop 1.4.4.1 - displayImage.php HTTP Response Splitting

Prestashop 1.4.4.1 - displayImage.php HTTP Response Splitting source: https://www.securityfocus.com/bid/50785/info Prestashop is prone to an HTTP-response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2011/11/23 12:0 a.m.25 views

Prestashop 1.4.4.1 - 'displayImage.php' HTTP Response Splitting

source: https://www.securityfocus.com/bid/50785/info Prestashop is prone to an HTTP-response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/11/18 12:0 a.m.113 views

PHP 5.1.x < 5.1.2 Multiple Vulnerabilities

According to its banner, the version of PHP 5.1.x installed on the remote host is older than 5.1.2. Such versions may be affected by multiple vulnerabilities : - A format string vulnerability exists in the error-reporting feature of the mysqli extension. CVE-2006-0200 - Multiple HTTP response...

9.3CVSS5.5AI score0.18942EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2011/11/10 12:0 a.m.2 views

PT-2011-34: HTTP Response Splitting in Citrix XenServer Web Self Service

The specialists of the Positive Research center have detected "HTTP Response Splitting" vulnerability in Citrix XenServer Web Self Service. GET parameter page of the login page allows one to insert an arbitrary HTTP header into the server response. How to fix Update your software up to the latest...

4.3CVSS7.3AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2011/11/10 12:0 a.m.4 views

PT-2011-37: HTTP Response Splitting in Citrix XenServer Virtual Switch Controller

Positive Research Center has discovered a HTTP Response Splitting in Citrix XenServer Virtual Switch Controller. GET parameter lastpage of the login page allows one to insert an arbitrary HTTP header into the server response. How to fix Update your software up to the latest version Advisory statu...

4.3CVSS7.2AI score
Exploits0References4
FreeBSD
FreeBSD
added 2011/11/06 12:0 a.m.33 views

php5 -- header splitting attack via carriage-return character

Rui Hirokawa reports: As of PHP 5.1.2, header can no longer be used to send multiple response headers in a single call to prevent the HTTP Response Splitting Attack. header only checks the linefeed LF, 0x0A as line-end marker, it doesn't check the carriage-return CR, 0x0D. However, some browsers...

4.3CVSS1AI score0.10173EPSS
Exploits0References1
NVD
NVD
added 2011/10/12 2:52 a.m.15 views

CVE-2011-1895

CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting XSS attacks, via unspecified vectors, aka "ExcelTabl...

4.3CVSS5.5AI score0.11137EPSS
Exploits0References4
Prion
Prion
added 2011/10/12 2:52 a.m.10 views

Crlf injection

CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting XSS attacks, via unspecified vectors, aka "ExcelTabl...

4.3CVSS5.5AI score0.11137EPSS
Exploits0References4Affected Software1
Symantec
Symantec
added 2011/10/11 12:0 a.m.28 views

Microsoft Forefront Unified Access Gateway (CVE-2011-1895) HTTP Response Splitting Vulnerability

Description Microsoft Forefront Unified Access Gateway is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could ai...

4.3CVSS0.1AI score0.11137EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2011/10/11 12:0 a.m.43 views

MS11-079: Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)

The version of Forefront Unified Access Gateway UAG running on the remote host has multiple vulnerabilities in the Web Monitor component : - An HTTP response splitting vulnerability in ExcelTable.asp. CVE-2011-1895 - A reflected XSS in ExcelTable.asp. CVE-2011-1896 - A reflected XSS in Default.as...

9.3CVSS6AI score0.17309EPSS
Exploits4References7
OpenVAS
OpenVAS
added 2011/10/04 12:0 a.m.60 views

Mandriva Update for firefox MDVSA-2011:139 (firefox)

Check for the Version of firefox OpenVAS Vulnerability Test Mandriva Update for firefox MDVSA-2011:139 firefox Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

10CVSS0.7AI score0.05368EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2011/10/04 12:0 a.m.22 views

Mandriva Update for mozilla-thunderbird MDVSA-2011:140 (mozilla-thunderbird)

Check for the Version of mozilla-thunderbird OpenVAS Vulnerability Test Mandriva Update for mozilla-thunderbird MDVSA-2011:140 mozilla-thunderbird Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

10CVSS0.1AI score0.05368EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2011/10/04 12:0 a.m.53 views

Mandriva Update for firefox MDVSA-2011:139 (firefox)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

10CVSS8.6AI score0.05368EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2011/10/03 12:0 a.m.38 views

Mandriva Linux Security Advisory : firefox (MDVSA-2011:139)

Security issues were identified and fixed in mozilla firefox and thunderbird : Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote...

10CVSS8.8AI score0.05368EPSS
Exploits3References12
NVD
NVD
added 2011/09/29 12:55 a.m.27 views

CVE-2011-3000

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting...

4.3CVSS6.5AI score0.02018EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2011/09/29 12:55 a.m.1 views

CVE-2011-3000

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting...

4.3CVSS8.6AI score0.02018EPSS
Exploits0References15
Cvelist
Cvelist
added 2011/09/29 12:0 a.m.25 views

CVE-2011-3000

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting...

9.4AI score0.02018EPSS
Exploits0References14
CVE
CVE
added 2011/09/29 12:0 a.m.218 views

CVE-2011-3000

Affected software: Mozilla Firefox before 3.6.23 and 4.x through 6; also affects Thunderbird before 7.0 and SeaMonkey before 2.4. Root cause: HTTP response handling flaw that allows HTTP response splitting when responses contain multiple Location, Content-Length, or Content-Disposition headers. I...

4.3CVSS9.2AI score0.02018EPSS
Exploits0References14Affected Software1
Rows per page
Query Builder