Fedora 7 : drupal-5.3-1.fc7 (2007-2649)
Upgrade to 5.3, fixes : - HTTP response splitting. - Arbitrary code execution. - Cross-site scripting. - Cross-site request forgery. - Access bypass. Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to...
DSA-1401-1 iceape - several vulnerabilities
Bulletin has no description...
Debian DSA-1396-1 : iceweasel - several vulnerabilities
Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1095 Michal Zalewski discovered that the unload event handler had access t...
[SECURITY] [DSA 1396-1] New iceweasel packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1396-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 27th, 2007 http://www.debian.org/security/faq -...
DSA-1396-1 iceweasel
Bulletin has no description...
Debian DSA-1392-1 : xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1095 Michal Zalewski discovered that the unload event handler had access to the address of...
FreeBSD : drupal --- multiple vulnerabilities (9c00d446-8208-11dc-9283-0016179b2dd5)
The Drupal Project reports : In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of...
[SECURITY] [DSA 1392-1] New xulrunner packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1392-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 20th, 2007 http://www.debian.org/security/faq -...
DSA-1392-1 xulrunner - several vulnerabilities
Bulletin has no description...
CVE-2007-5595
CRLF injection vulnerability in the drupal_goto function in includes/common.inc in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CVE-2007-5595
Drupal 4.7.x before 4.7.8 and 5.x before 5.3 contains a CRLF injection vulnerability in the drupal_goto function (includes/common.inc). Remote attackers can inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors. Public references describe fixes upgrading to Dru...
SA-2007-024 - Drupal Core - HTTP response splitting
In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of issues, among them cache...
drupal --- multiple vulnerabilities
The Drupal Project reports: In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of...
CVE-2003-1338
The CVE-2003-1338 entry documents a CRLF injection vulnerability in Aprelium Abyss Web Server
CVE-2003-1338
CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header...
Unfixed HTTP Response Splitting vulnerability at www.bereketlikasabasi.com
Security researcher st@rext submitted on 20/09/2007 an HTTP Response Splitting vulnerability affecting www.bereketlikasabasi.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/09/2007. It is...
Crlf injection
CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of...
CVE-2007-4190
CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of...