2442 matches found
CVE-2005-4521
CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in logincookietest.php and (2) ref parameter in loginselectprojpage.php...
[ GLSA 200512-12 ] Mantis: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 200512-12 http://security.gentoo.org/ Severity:...
GLSA-200511-18 : phpSysInfo: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200511-18 (phpSysInfo: Multiple vulnerabilities). Christopher Kunz from the Hardened-PHP Project discovered that phpSysInfo is vulnerable to local file inclusion, cross-site scripting and HTTP Response Splitting attacks. Impact : A...
CVE-2005-3982
CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests...
CVE-2005-3982
CVE-2005-3982 is a CRLF injection vulnerability in WebCalendar 1.0.1 (layers_toggle.php) that can allow remote attackers to modify HTTP headers and perform HTTP response splitting via the ret parameter used for redirects. Debian advisory DSA-1002-1 notes multiple issues in webcalendar and provide...
WebCalendar < 1.0.2 Multiple Vulnerabilities
The remote version of WebCalendar does not validate input to the 'id' and 'format' parameters of the 'exporthandler.php' script before using it to overwrite files on the remote host, subject to the privileges of the web server user id. In addition, the 'activitylog.php', 'adminhandler.php',...
WebCalendar 1.0.1 - Layers_Toggle.php HTTP Response Splitting
WebCalendar 1.0.1 - Layers_Toggle.php HTTP Response Splitting. source: https://www.securityfocus.com/bid/15673/info WebCalendar is prone to an HTTP response-splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may...
drupal -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions, and conduct script insertion and HTTP response splitting attacks. 1) An input validation error in the filtering of HTML code can be exploited to...
WebCalendar 1.0.1 - 'Layers_Toggle.php' HTTP Response Splitting
source: https://www.securityfocus.com/bid/15673/info WebCalendar is prone to an HTTP response-splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web...
CVE-2005-3791
The vulnerability CVE-2005-3791 affects PHPAdsNew and phpPgAds up to version 2.0.6. The root cause is an HTTP response splitting flaw in adclick.php (and possibly other vectors), allowing remote attackers to inject arbitrary HTML headers. Reported impact: confidentiality unaffected, integrity par...
CVE-2005-3791
HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 and earlier allows remote attackers to inject arbitrary HTML headers via adclick.php and possibly other unspecified vectors...
phpSysInfo: Multiple vulnerabilities
Background: phpSysInfo displays various system stats via PHP scripts. Description: Christopher Kunz from the Hardened-PHP Project discovered that phpSysInfo is vulnerable to local file inclusion, cross-site scripting and HTTP Response Splitting attacks. Impact: A local attacker may exploit the fil...
CVE-2005-3348
HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter...
CVE-2005-3348
CVE-2005-3348 is an HTTP Response Splitting vulnerability in phpSysInfo (2.4 and earlier) used by phpGroupWare (0.9.16 and earlier) and eGroupWare (before 1.0.0.009). Exploitation via CRLF sequences in the charset parameter can cause web content spoofing and cache poisoning. OpenVAS entries (and D...
[SECURITY] [DSA 899-1] New egroupware packages fix several vulnerabilities
Debian Security Advisory DSA 899-1 [email protected] http://www.debian.org/security/ Martin Schulze November 17th, 2005 http://www.debian.org/security/faq...
[SECURITY] [DSA 898-1] New phpgroupware packages fix several vulnerabilities
Debian Security Advisory DSA 898-1 [email protected] http://www.debian.org/security/ Martin Schulze November 17th, 2005 http://www.debian.org/security/faq...
CVE-2005-3633
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter...