2442 matches found
CVE-2006-6699
Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vect...
CVE-2006-6699
CVE-2006-6699 describes multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 (and possibly other versions) that allow remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via CRLF sequences in the enc parameter to calendarDialog.jsp or fred.jsp. The cale...
CVE-2006-6697
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter...
CVE-2006-6697
CVE-2006-6697 describes a CRLF injection in Oracle Portal 10g and earlier (including 9.0.2) via webapp/jsp/calendar.jsp where an attacker can inject arbitrary HTTP headers and trigger HTTP response splitting by manipulating the enc parameter. Related entries note that CVE-2006-6699’s calendar.jsp...
Oracle Portal 10g HTTP Response Splitting
Oracle Portal/Applications HTTP Response Splitting -------------------------------------------------- Sample: http://target/webapp/jsp/calendar.jsp?enc=iso-8859-10d0aContent-length=120d0a0d0a3Cscript3Ealert'hi'3C/script3E How an attack can be conducted? ------------------------------- Oracle Port...
Oracle Portal 9.0.2 - Calendar.jsp Multiple HTTP Response Splitting Vulnerabilities
source: https://www.securityfocus.com/bid/21686/info Oracle Portal is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input. A remote attacker may exploit these vulnerabilities to influence or misrepresent how web content ...
phpBB HTTP Response Splitting Attack and Cross-Site Scripting Vulnerability Exploit
No description provided by source. Ory Segal ([email protected]) provided the following test methods: Cross-site scripting attack: http://SERVER/phpBB2/search.php?searchauthor='scriptalertdocument.cookie/script HTTP response splitting: REQUEST POST /phpBB2/login.php HTTP/1.0 Host: SERVER User-Agent: Mozilla/4.7 en WinNT; I Accept-Encoding: gzip...
CVE-2006-6374
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) dbcreate.php, (3) index.php, (4) left.php, (5)...
CVE-2006-6374
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) dbcreate.php, (3) index.php, (4) left.php, (5)...
CVE-2006-6374
The CVE-2006-6374 vulnerability affects PhpMyAdmin 2.7.0-pl2, with multiple CRLF injection flaws enabling HTTP header injection and response splitting via CRLF sequences in a PhpMyAdmin cookie. Affected components include css/phpmyadmin.css.php, db_create.php, index.php, left.php, libraries/sessi...
CVE-2006-6374
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) dbcreate.php, (3) index.php, (4) left.php, (5)...
ASPNuke language_select.asp HTTP Response Splitting Vulnerability Exploit
No description provided by source. http://www.example.com/module/support/language/languageselect.asp?action=go&LangCode=trivero%0d%0aSet-Cookie%3Asome%3Dvalue The following is an example of the HTTP headers: Request: POST /module/support/language/languageselect.asp?action=go&LangCode=trivero%0d%0aSet-Cookie%3Asome%3Dvalue HTTP/1.0...
PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting
Title : PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting Vulnerability Author : ajann Contact : : Tested : Just 2.7.0-pl2 CRLF------------------------------------------------------ Files---- /css/phpmyadmin.css.php /dbcreate.php /index.php /left.php...
Debian DSA-1207-2 : phpmyadmin - several vulnerabilities
The phpmyadmin update in DSA 1207 introduced a regression. This update corrects this flaw. For completeness, please find below the original advisory text : Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities a...
CVE-2006-5566
CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) linksexchange, (2) news, (3) searchwithchangecategoryability, (4) logging, (5) feedback, (6) showprice, (7) registe...
CVE-2006-5566
CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) linksexchange, (2) news, (3) searchwithchangecategoryability, (4) logging, (5) feedback, (6) showprice, (7) registe...
Shop-Script.txt
Vendor: Shop-Script a division of WebAsyst LLC Application: Shop-Script www.shop-script.com I. Descriptions: Shop-Script is a PHP based shopping cart. Multiple links of shop-script are vulnerable to a new form of application attack technique called HTTP Response splitting aka CRLF Injection. HTTP...
Multiple HTTP response splitting vulnerabilities in SHOP-SCRIPT
Vendor: Shop-Script a division of WebAsyst LLC Application: Shop-Script www.shop-script.com I. Descriptions: Shop-Script is a PHP based shopping cart. Multiple links of shop-script are vulnerable to a new form of application attack technique called HTTP Response splitting aka CRLF Injection. HTTP...
Shop-Script - Multiple HTTP Response Splitting Vulnerabilities
source: https://www.securityfocus.com/bid/20685/info Shop-Script is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is...
Debian DSA-897-1 : phpsysinfo - programming errors
Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-0870 Maksymilian Arciemowicz discovered several cross site scripting problems, of which not all wer...