2442 matches found
Debian: Security Advisory (DSA-1002-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-899-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-1207-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 898-1 (phpgroupware)
The remote host is missing an update to phpgroupware announced via advisory DSA 898-1. Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-0870 Maksymilia...
Apache Httpd < 2.2.12 : CRLF injection in mod_negotiation when untrusted uploads are supported
Possible CRLF injection allowing HTTP response splitting attacks for sites which use modnegotiation and allow untrusted uploads to locations which have MultiViews enabled...
CVE-2008-0202
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter...
CVE-2008-0202
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter...
CVE-2008-0202
CVE-2008-0202 affects ExpressionEngine 1.2.1 and earlier. A CRLF injection vulnerability in index.php allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via a URL parameter. The NVD entry provides a basic impact assessment: confidentiality impact None, in...
ExpressionEngine 1.2.1 - HTTP Response Splitting Cross-Site Scripting
ExpressionEngine 1.2.1 - HTTP Response Splitting Cross-Site Scripting source: https://www.securityfocus.com/bid/27128/info ExpressionEngine is prone to an HTTP-response-splitting vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An...
ExpressionEngine 1.2.1 - HTTP Response Splitting / Cross-Site Scripting
source: https://www.securityfocus.com/bid/27128/info ExpressionEngine is prone to an HTTP-response-splitting vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in...
Critical: Red Hat Security Advisory: flash-plugin security update
An updated Adobe Flash Player package that fixes a security issue is now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The flash-plugin package contains a...
FreeBSD : jetty -- multiple vulnerabilities (6ae7cef2-a6ae-11dc-95e6-000c29c5647f)
Cross-site scripting XSS vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies. Mortbay Jetty before 6.1.6rc1 does not properly handle 'certain quote sequences' in HTML cookie parameters...
CVE-2007-5615
CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
Crlf injection
CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CVE-2007-5615
Jetty (Mortbay Jetty) is affected by CVE-2007-5615: a CRLF injection vulnerability in Jetty before 6.1.6rc0 that could let remote attackers inject arbitrary HTTP headers and perform HTTP response splitting. IBM/OpenVAS/ Fedora references corroborate the vulnerability in Jetty and list related CVE...
jetty -- multiple vulnerabilities
Cross-site scripting XSS vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies. Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters...
Mortbay Jetty vulnerable to HTTP response splitting
Overview Mortbay Jetty is vulnerable to HTTP response splitting, which may allow a remote, unauthenticated attacker to inject various HTTP headers Description Mortbay Jetty is a web server that is written in Java. Jetty fails to properly handle HTTP headers with CRLF sequences, which can allow an...
Unfixed HTTP Response Splitting vulnerability at www.blogpeople.net
Security researcher kusomiso.com, has submitted on 30/11/2007 a HTTP Response Splitting vulnerability affecting www.blogpeople.net, which at the time of submission ranked 9933 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/12/2007. It is...
Vulnerability in ExpressionEngine
Здравствуйте 3APA3A! Сообщаю вам о найденной мною HTTP Response Splitting уязвимости в системе ExpressionEngine. Которая может быть использована в частности для проведения Cross-Site Scripting атаки. XSS: Уязвимость в скрипте index.php в параметре URL...
Debian DSA-1401-1 : iceape - several vulnerabilities
Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1095 Michal Zalewski discovered that the unload event handler had...