2442 matches found
Manx 1.0.1 HTTP Response Splitting
Manx cms.xml 1.0.1 Multiple HTTP Response Splitting Vulnerabilities Vendor: Paul Jova Product web page: http://manx.jovascript.com Affected version: 1.0.1 Summary: Manx is a Content Management System that uses xml text files to store the...
Lenovo-based information distribution system: presence of a CRLF injection/HTTP response splitting vulnerability warning - the black bar safety net
Brief description: It allows a remote attacker to inject custom HTTP headers. The attacker can inject a session cookie or HTML code. This may be an XSS (cross-site scripting) or session fixation vulnerability. Detailed description: URL-encoded input langid set SomeCustomInjectedHeader: the injectedbywv...
Prestashop 1.4.4.1 - displayImage.php HTTP Response Splitting
Prestashop 1.4.4.1 - displayImage.php HTTP Response Splitting source: https://www.securityfocus.com/bid/50785/info Prestashop is prone to an HTTP-response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or...
Prestashop 1.4.4.1 - 'displayImage.php' HTTP Response Splitting
source: https://www.securityfocus.com/bid/50785/info Prestashop is prone to an HTTP-response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This...
PHP 5.1.x < 5.1.2 Multiple Vulnerabilities
According to its banner, the version of PHP 5.1.x installed on the remote host is older than 5.1.2. Such versions may be affected by multiple vulnerabilities: - A format string vulnerability exists in the error-reporting feature of the mysqli extension (CVE-2006-0200). - Multiple HTTP response...
PT-2011-34: HTTP Response Splitting in Citrix XenServer Web Self Service
The specialists of the Positive Research center have detected an "HTTP Response Splitting" vulnerability in Citrix XenServer Web Self Service. The GET parameter page of the login page allows one to insert an arbitrary HTTP header into the server response. How to fix: Update your software up to the latest...
PT-2011-37: HTTP Response Splitting in Citrix XenServer Virtual Switch Controller
Positive Research Center has discovered an HTTP Response Splitting vulnerability in Citrix XenServer Virtual Switch Controller. The GET parameter lastpage of the login page allows one to insert an arbitrary HTTP header into the server response. How to fix: Update your software up to the latest version. Advisory statu...
php5 -- header splitting attack via carriage-return character
Rui Hirokawa reports: As of PHP 5.1.2, header() can no longer be used to send multiple response headers in a single call to prevent the HTTP Response Splitting Attack. header() only checks the linefeed (LF, 0x0A) as line-end marker, it doesn't check the carriage-return (CR, 0x0D). However, some browsers...
CVE-2011-1895
CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTabl...
CRLF injection
CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTabl...
Microsoft Forefront Unified Access Gateway (CVE-2011-1895) HTTP Response Splitting Vulnerability
Description Microsoft Forefront Unified Access Gateway is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could ai...
MS11-079: Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
The version of Forefront Unified Access Gateway (UAG) running on the remote host has multiple vulnerabilities in the Web Monitor component: - An HTTP response splitting vulnerability in ExcelTable.asp (CVE-2011-1895). - A reflected XSS in ExcelTable.asp (CVE-2011-1896). - A reflected XSS in Default.as...
Mandriva Update for firefox MDVSA-2011:139 (firefox)
Check for the Version of firefox. OpenVAS Vulnerability Test: Mandriva Update for firefox MDVSA-2011:139 (firefox). Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Mandriva Update for mozilla-thunderbird MDVSA-2011:140 (mozilla-thunderbird)
Check for the Version of mozilla-thunderbird. OpenVAS Vulnerability Test: Mandriva Update for mozilla-thunderbird MDVSA-2011:140 (mozilla-thunderbird). Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Mandriva Update for firefox MDVSA-2011:139 (firefox)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Mandriva Linux Security Advisory : firefox (MDVSA-2011:139)
Security issues were identified and fixed in mozilla firefox and thunderbird: Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote...
CVE-2011-3000
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting...
CVE-2011-3000
Affected software: Mozilla Firefox before 3.6.23 and 4.x through 6; also affects Thunderbird before 7.0 and SeaMonkey before 2.4. Root cause: HTTP response handling flaw that allows HTTP response splitting when responses contain multiple Location, Content-Length, or Content-Disposition headers. I...