PHP Handicapper - Process_signup.php HTTP Response Splitting

PHP Handicapper - Processsignup.php HTTP Response Splitting source: https://www.securityfocus.com/bid/15301/info PHP Handicapper is vulnerable to an HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker...

DCP-Portal <= 5.3.2 Multiple Vulnerabilities - Active Check

DCP-Portal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2003 k-otik.com SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

IdealBB multiple flaws

The remote version of this IdealBB is vulnerable to multiple flaws: SQL injection, cross-site scripting and HTTP response splitting vulnerabilities. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respecti...

Snitz Forums 2000 HTTP Response Splitting

The remote host is using Snitz Forums 2000 - an ASP based forum/bbs. There is a bug in this software which makes it vulnerable to HTTP response splitting vulnerability. SPDX-FileCopyrightText: 2004 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are Copyright...

phpBB < 2.0.10 Multiple Vulnerabilities

phpBB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpbb:phpbb"; ifdescription...

PHP Handicapper (2005) - &#039;Process_signup.php&#039; HTTP Response Splitting

source: https://www.securityfocus.com/bid/15301/info PHP Handicapper is vulnerable to an HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent...

CVE-2004-2512

CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the PHPSESSID parameter...

CVE-2004-2512

CVE-2004-2512 affects DCP-Portal 5.3.2 and earlier. It is a CRLF injection/vulnerability in calendar.php that enables HTTP response splitting via CRLF (%0d%0a) sequences in the PHPSESSID parameter, allowing spoofing of web content and potential cache poisoning. The provided documents confirm the ...

[SNS Advisory No.84] Oracle Application Server HTTP Response Splitting Vulnerability

---------------------------------------------------------------------- SNS Advisory No.84 Oracle Application Server HTTP Response Splitting Vulnerability Problem first discovered on: Tue, 01 Feb 2005 Published on: Tue, 21 Oct 2005...

ASP-Nuke &lt;= 0.80 language_select.aspHTTP响应拆分漏洞

BUGTRAQ: 14063 ASPNuke中存在HTTP响应拆分漏洞，成功利用这个漏洞的攻击者可以影响或误导保存、缓存或解释Web内容的方式。 起因是没有正确的过滤用户输入。请看/module/support/language/languageselect.asp第31行代码： ... If steForm action = go Then make sure the required fields are present If TrimsteForm LangCode = Then sErrorMsg = steGetText Please select a language fro...

FreeBSD : squid -- HTTP response splitting cache pollution attack (4e4bd2c2-6bd5-11d9-9e1e-c296ac722cb3)

According to a whitepaper published by Sanctum, Inc., it is possible to mount cache poisoning attacks against, among others, squid proxies by inserting false replies into the HTTP stream. The squid patches page notes : This patch additionally strengthens Squid from the HTTP response attack...

CVE-2004-2208

CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to conduct HTTP response splitting attacks via unknown vectors...

CVE-2004-2208

IdealBB (Ideal Science) web bulletin board versions 1.4.9–1.5.3 are affected by a CRLF injection vulnerability that enables HTTP response splitting. The CVE-2004-2208 entries across NVD, Red Hat, CVE listing, and OpenVAS describe this as a remote issue with unknown vectors, impacting integrity (I...

CVE-2004-2146

CVE-2004-2146 describes a CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1. The issue allows HTTP response splitting through the fid parameter in the writenew action to thread-post.asp, indicating that unsanitized input leads to header manipulation. Affected software: MegaBBS 2 and ...

CVE-2004-2146

CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp...

CVE-2005-2060

Multiple HTTP Response Splitting vulnerabilities in 1 toggleshow.php, 2 togglecats.php, and 3 showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the Cat parameter...

M4DR007-07SA.txt

M4DR007-07SA security advisory: Multiple vulnerabilities in ASP Nuke 0.80 Published: 26 16 2005 Released: 26 16 2005 Name: ASP Nuke Affected Systems: req " SIZE="22" MAXLENGTH="80" class="form" ... ? As we can see there isn't any control on the 'email' parameter when the board get it's value. Sin...

CVE-2005-2065

Affected product: ASP Nuke 0.80 (language_select.asp). Vulnerability: HTTP response splitting via CRLF ("%0d%0a") in the LangCode parameter. Impact (as stated): remote attackers can spoof web content and poison web caches. Root cause: unsafely untrusted LangCode parameter allowing CRLF sequences....

CVE-2005-2060

Infopop UBB.Threads (before 6.5.2 Beta) is affected by HTTP Response Splitting in three scripts (toggleshow.php, togglecats.php, showprofile.php) via CRLF sequences in the Cat parameter. Root cause: insufficient input validation leads to remote spoofing of content and potential web-cache poisonin...

CVE-2005-2060

Multiple HTTP Response Splitting vulnerabilities in 1 toggleshow.php, 2 togglecats.php, and 3 showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the Cat parameter...