
2442 matches found

CVE
added 2007/08/08 1:11 a.m. | 58 views

CVE-2007-4190

CVE-2007-4190 (Joomla!) : A CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and potentially perform HTTP response splitting, which can enable cross-site scripting in some cases. The flaw arises from CRLF sequences in the...

CVSS 4.3 | AI score 5.9 | EPSS 0.01673
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2007/08/07 10:17 a.m. | 24 views

Crlf injection

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote...

CVSS 7.5 | AI score 7 | EPSS 0.02465
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2007/08/07 10:0 a.m. | 31 views

CVE-2007-4164

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote...

AI score 6.6 | EPSS 0.02465
Exploits: 0 | References: 6
CVE
added 2007/08/07 10:0 a.m. | 55 views

CVE-2007-4164

CVE-2007-4164 affects Sun Java System Web Server 6.1 and 7.0; CRLF injection in the redirect SAF when url-prefix is used (escape disabled) or Error directive uses url-prefix in obj.conf, enabling remote HTTP header injection/response splitting. Affected products require patches: Web Server 6.1 pa...

CVSS 7.5 | AI score 6.6 | EPSS 0.02465
Exploits: 0 | References: 6 | Affected Software: 1
Prion
added 2007/08/03 10:17 a.m. | 16 views

Crlf injection

CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting XS...

CVSS 5 | AI score 5.7 | EPSS 0.01398
Exploits: 1 | References: 7 | Affected Software: 2
NVD
added 2007/08/03 10:17 a.m. | 14 views

CVE-2007-2404

CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting XS...

CVSS 5 | AI score 5.7 | EPSS 0.01398
Exploits: 1 | References: 7
Cvelist
added 2007/08/03 10:0 a.m. | 26 views

CVE-2007-2404

CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting XS...

AI score 5.7 | EPSS 0.01398
Exploits: 1 | References: 7
CVE
added 2007/08/03 10:0 a.m. | 53 views

CVE-2007-2404

CVE-2007-2404: CRLF injection vulnerability in CFNetwork on Mac OS X 10.3.9/10.4.10 prior to 20070731 allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting; note this can enable XSS. Affected component: CFNetwork. Root cause: CRLF sequence handling in HTTP r...

CVSS 5 | AI score 5.7 | EPSS 0.01398
Exploits: 1 | References: 7 | Affected Software: 2
Tenable Nessus
added 2007/08/03 12:0 a.m. | 34 views

FreeBSD : joomla -- multiple vulnerabilities (4872d9a7-4128-11dc-bdb0-0016179b2dd5)

A Secunia Advisory reports : joomla can be exploited to conduct session fixation attacks, cross-site scripting attacks or HTTP response splitting attacks. Certain unspecified input passed in comsearch, comcontent and modlogin is not properly sanitised before being returned to a user. This can be...

CVSS 9.3 | AI score 6 | EPSS 0.03758
Exploits: 0 | References: 6
FreeBSD
added 2007/07/30 12:0 a.m. | 26 views

joomla -- multiple vulnerabilities

A Secunia Advisory reports: joomla can be exploited to conduct session fixation attacks, cross-site scripting attacks or HTTP response splitting attacks. Certain unspecified input passed in comsearch, comcontent and modlogin is not properly sanitised before being returned to a user. This can be...

CVSS 9.3 | AI score 6.5 | EPSS 0.03758
Exploits: 0 | References: 2
Tenable Nessus
added 2007/07/10 12:0 a.m. | 36 views

Debian DSA-1331-1 : php4 - several vulnerabilities

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0207 Stefan Esser discovered HTTP respons...

CVSS 7.5 | AI score 6.2 | EPSS 0.04247
Exploits: 0 | References: 7
OSV
added 2007/07/07 12:0 a.m. | 42 views

DSA-1331-1 php4 - several vulnerabilities

Bulletin has no description...

CVSS 7.5 | AI score 7.5 | EPSS 0.04247
Exploits: 0
xssed
added 2007/05/22 12:0 a.m. | 18 views

Unfixed HTTP Response Splitting vulnerability at www.mil.undip.ac.id

Security researcher Python 5, has submitted on 22/05/2007 a HTTP Response Splitting vulnerability affecting www.mil.undip.ac.id, which at the time of submission ranked 228965 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 22/05/2007. It is...

Exploits: 0 | References: 1
NVD
added 2007/05/11 4:19 p.m. | 12 views

CVE-2007-2618

CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We d...

CVSS 5.1 | AI score 7 | EPSS 0.0119
Exploits: 0 | References: 5
Prion
added 2007/05/11 4:19 p.m. | 11 views

Crlf injection

CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We d...

CVSS 5.1 | AI score 7.5 | EPSS 0.0119
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2007/05/11 4:0 p.m. | 18 views

CVE-2007-2618

CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We d...

AI score 7 | EPSS 0.0119
Exploits: 0 | References: 5
CVE
added 2007/05/11 4:0 p.m. | 44 views

CVE-2007-2618

The CVE-2007-2618 issue affects Drake CMS 0.4.0, identifying a CRLF injection vulnerability in index.php. The root cause is a CRLF sequence in the lang parameter that enables an attacker to inject arbitrary HTTP headers and perform HTTP response splitting. Public details describe the vulnerable c...

CVSS 5.1 | AI score 7 | EPSS 0.0119
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2007/05/09 10:19 a.m. | 19 views

CVE-2007-2550

Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php...

CVSS 5 | AI score 7.2 | EPSS 0.02243
Exploits: 0 | References: 8
Prion
added 2007/05/09 10:19 a.m. | 16 views

Crlf injection

Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php...

CVSS 5 | AI score 7.7 | EPSS 0.02243
Exploits: 0 | References: 8 | Affected Software: 1
Cvelist
added 2007/05/09 10:0 a.m. | 20 views

CVE-2007-2550

Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php...

AI score 7.2 | EPSS 0.02243
Exploits: 0 | References: 8