
2442 matches found

Tenable Nessus
added 2007/11/06 12:0 a.m. | 28 views

Fedora 7 : drupal-5.3-1.fc7 (2007-2649)

Upgrade to 5.3, fixes : - HTTP response splitting. - Arbitrary code execution. - Cross-site scripting. - Cross-site request forgery. - Access bypass. Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to...

CVSS 6.8 | AI score 5.4 | EPSS 0.03771
Exploits 0 | References 6

OSV
added 2007/11/05 12:0 a.m. | 44 views

DSA-1401-1 iceape - several vulnerabilities

Bulletin has no description...

CVSS 9.3 | AI score 6.4 | EPSS 0.12736
Exploits 4

Tenable Nessus
added 2007/10/30 12:0 a.m. | 44 views

Debian DSA-1396-1 : iceweasel - several vulnerabilities

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1095 Michal Zalewski discovered that the unload event handler had access t...

CVSS 9.3 | AI score 8.5 | EPSS 0.12736
Exploits 4 | References 18

Debian
added 2007/10/27 11:54 a.m. | 44 views

[SECURITY] [DSA 1396-1] New iceweasel packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1396-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 27th, 2007 http://www.debian.org/security/faq -...

CVSS 9.3 | AI score 7.3 | EPSS 0.12736
Exploits 4

OSV
added 2007/10/27 12:0 a.m. | 42 views

DSA-1396-1 iceweasel

Bulletin has no description...

CVSS 9.3 | AI score 6.4 | EPSS 0.12736
Exploits 3

Tenable Nessus
added 2007/10/25 12:0 a.m. | 32 views

Debian DSA-1392-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1095 Michal Zalewski discovered that the unload event handler had access to the address of...

CVSS 9.3 | AI score 8.4 | EPSS 0.12736
Exploits 3 | References 18

Tenable Nessus
added 2007/10/25 12:0 a.m. | 33 views

FreeBSD : drupal --- multiple vulnerabilities (9c00d446-8208-11dc-9283-0016179b2dd5)

The Drupal Project reports : In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of...

CVSS 6.8 | AI score 5.9 | EPSS 0.03771
Exploits 0 | References 11

Debian
added 2007/10/20 11:56 a.m. | 44 views

[SECURITY] [DSA 1392-1] New xulrunner packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1392-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 20th, 2007 http://www.debian.org/security/faq -...

CVSS 9.3 | AI score 7.3 | EPSS 0.12736
Exploits 4

OSV
added 2007/10/20 12:0 a.m. | 51 views

DSA-1392-1 xulrunner - several vulnerabilities

Bulletin has no description...

CVSS 9.3 | AI score 6.4 | EPSS 0.12736
Exploits 4

UbuntuCve
added 2007/10/19 11:17 p.m. | 20 views

CVE-2007-5595

CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

CVSS 5.1 | AI score 6 | EPSS 0.01992
Exploits 0 | References 1

Cvelist
added 2007/10/19 11:0 p.m. | 25 views

CVE-2007-5595

CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

AI score 6.7 | EPSS 0.01992
Exploits 0 | References 7

CVE
added 2007/10/19 11:0 p.m. | 50 views

CVE-2007-5595

Drupal 4.7.x before 4.7.8 and 5.x before 5.3 contains a CRLF injection vulnerability in the drupal_goto function (includes/common.inc). Remote attackers can inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors. Public references describe fixes upgrading to Dru...

CVSS 5.1 | AI score 6.7 | EPSS 0.01992
Exploits 0 | References 7 | Affected Software 1

Drupal
added 2007/10/17 12:0 a.m. | 36 views

SA-2007-024 - Drupal Core - HTTP response splitting

In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of issues, among them cache...

AI score 7.7
Exploits 0 | References 5

FreeBSD
added 2007/10/17 12:0 a.m. | 41 views

drupal --- multiple vulnerabilities

The Drupal Project reports: In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of...

CVSS 4.3 | AI score 7.2 | EPSS 0.01451
Exploits 0 | References 7

CVE
added 2007/09/23 11:0 p.m. | 47 views

CVE-2003-1338

The CVE-2003-1338 entry documents a CRLF injection vulnerability in Aprelium Abyss Web Server

CVSS 4.3 | AI score 7.5 | EPSS 0.00891
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2007/09/23 11:0 p.m. | 17 views

CVE-2003-1338

CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header...

AI score 7 | EPSS 0.00891
Exploits 1 | References 1

xssed
added 2007/09/20 12:0 a.m. | 10 views

Unfixed HTTP Response Splitting vulnerability at www.bereketlikasabasi.com

Security researcher st@rext has submitted on 20/09/2007 an HTTP Response Splitting vulnerability affecting www.bereketlikasabasi.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/09/2007. It is...

AI score 0.1
Exploits 0 | References 1

Prion
added 2007/08/08 1:17 a.m. | 16 views

Crlf injection

CRLF injection vulnerability in Joomla! before 1.0.13 aka Sunglow allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting XSS attacks. NOTE: some of...

CVSS 4.3 | AI score 6.1 | EPSS 0.01673
Exploits 0 | References 4 | Affected Software 1

NVD
added 2007/08/08 1:17 a.m. | 25 views

CVE-2007-4190

CRLF injection vulnerability in Joomla! before 1.0.13 aka Sunglow allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting XSS attacks. NOTE: some of...

CVSS 4.3 | AI score 6 | EPSS 0.01673
Exploits 0 | References 4

Cvelist
added 2007/08/08 1:11 a.m. | 27 views

CVE-2007-4190

CRLF injection vulnerability in Joomla! before 1.0.13 aka Sunglow allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting XSS attacks. NOTE: some of...

AI score 5.9 | EPSS 0.01673
Exploits 0 | References 4