2442 matches found
FreeBSD : drupal -- multiple vulnerabilities (faca0843-6281-11da-8630-00123ffe8333)
Secunia reports: Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions, and conduct script insertion and HTTP response splitting attacks. 1) An input validation error in the filtering of HTML code can be exploited to...
vBulletin v3.5.4: HTTP Response Splitting
Hello, vuln. Vulnerability in the url parameter of the inlinemod.php script on a POST request: a registered user can edit the HTTP response. EXAMPLE: POST /vb354/inlinemod.php HTTP/1.0 Cookie: bbpassword=a5c3d9e61bcb8dea99105143c772bcd9; bbuserid=1 Content-Length: 93 Accept: /...
[SECURITY] [DSA 1002-1] New webcalendar packages fix several vulnerabilities
Debian Security Advisory DSA 1002-1 [email protected] http://www.debian.org/security/ Martin Schulze March 15th, 2006 http://www.debian.org/security/faq ...
DSA-1002-1 webcalendar - several
Bulletin has no description...
Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-261-1)
Stefan Esser discovered that the 'session' module did not sufficiently verify the validity of the user-supplied session ID. A remote attacker could exploit this to insert arbitrary HTTP headers into the response sent by the PHP application, which could lead to HTTP Response Splitting forging of...
USN-261-1: PHP vulnerabilities
Stefan Esser discovered that the 'session' module did not sufficiently verify the validity of the user-supplied session ID. A remote attacker could exploit this to insert arbitrary HTTP headers into the response sent by the PHP application, which could lead to HTTP Response Splitting forging of...
Design/Logic Flaw
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function...
CVE-2006-0207
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function...
CVE-2006-0207
CVE-2006-0207 is a PHP HTTP response splitting vulnerability affecting PHP 5.1.1, enabling remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to session extension (ext/session) and the header function. Connected documents (including F5 K13519 and Nessus/Ope...
Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability
Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: PHP ext/session HTTP Response Splitting Vulnerability Release Date: 2006/01/12 Last Modified: 2006/01/12 Author: Stefan Esser [email protected] Application: PHP5 = 5.1.1...
Multiple PHP extensions vulnerabilities
mysqli extension format string vulnerability, session extension session id HTTP response splitting...
CVE-2005-4830
CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type parameter...
CVE-2005-4579
Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container BLC P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form...
CVE-2005-4579
Technical specifics (affected product/version, root cause, impact, and fixes) are not provided in the supplied documents. No concrete exploit details are available. Monitor for updates from vendors and advisories to obtain detailed mitigations.
CVE-2005-4521
CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php...
CVE-2005-4521
CVE-2005-4521 is a CRLF injection vulnerability in Mantis (affected: 1.0.0rc3 and earlier) that lets remote attackers modify HTTP headers and perform HTTP response splitting via the login_cookie_test.php return parameter and the login_select_proj_page.php ref parameter. The issue is documented in...