2442 matches found
CVE-2007-4190
CVE-2007-4190 (Joomla!) : A CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and potentially perform HTTP response splitting, which can enable cross-site scripting in some cases. The flaw arises from CRLF sequences in the...
Crlf injection
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function SAF uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote...
CVE-2007-4164
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function SAF uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote...
CVE-2007-4164
CVE-2007-4164 affects Sun Java System Web Server 6.1 and 7.0; CRLF injection in the redirect SAF when url-prefix is used (escape disabled) or Error directive uses url-prefix in obj.conf, enabling remote HTTP header injection/response splitting. Affected products require patches: Web Server 6.1 pa...
Crlf injection
CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting XS...
CVE-2007-2404
CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting XS...
CVE-2007-2404
CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting XS...
CVE-2007-2404
CVE-2007-2404: CRLF injection vulnerability in CFNetwork on Mac OS X 10.3.9/10.4.10 prior to 20070731 allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting; note this can enable XSS. Affected component: CFNetwork. Root cause: CRLF sequence handling in HTTP r...
FreeBSD : joomla -- multiple vulnerabilities (4872d9a7-4128-11dc-bdb0-0016179b2dd5)
A Secunia Advisory reports : joomla can be exploited to conduct session fixation attacks, cross-site scripting attacks or HTTP response splitting attacks. Certain unspecified input passed in comsearch, comcontent and modlogin is not properly sanitised before being returned to a user. This can be...
joomla -- multiple vulnerabilities
A Secunia Advisory reports: joomla can be exploited to conduct session fixation attacks, cross-site scripting attacks or HTTP response splitting attacks. Certain unspecified input passed in comsearch, comcontent and modlogin is not properly sanitised before being returned to a user. This can be...
Debian DSA-1331-1 : php4 - several vulnerabilities
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0207 Stefan Esser discovered HTTP respons...
DSA-1331-1 php4 - several vulnerabilities
Bulletin has no description...
Unfixed HTTP Response Splitting vulnerability at www.mil.undip.ac.id
Security researcher Python 5, has submitted on 22/05/2007 a HTTP Response Splitting vulnerability affecting www.mil.undip.ac.id, which at the time of submission ranked 228965 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 22/05/2007. It is...
CVE-2007-2618
CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We d...
Crlf injection
CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We d...
CVE-2007-2618
CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We d...
CVE-2007-2618
The CVE-2007-2618 issue affects Drake CMS 0.4.0, identifying a CRLF injection vulnerability in index.php. The root cause is a CRLF sequence in the lang parameter that enables an attacker to inject arbitrary HTTP headers and perform HTTP response splitting. Public details describe the vulnerable c...
CVE-2007-2550
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to 1 cart.php or 2 index.php...
Crlf injection
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to 1 cart.php or 2 index.php...
CVE-2007-2550
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to 1 cart.php or 2 index.php...