2442 matches found
M4DR007-07SA (security advisory): Multiple vulnerabilities in ASP Nuke 0.80
M4DR007-07SA security advisory: Multiple vulnerabilities in ASP Nuke 0.80 Published: 26 16 2005 Released: 26 16 2005 Name: ASP Nuke Affected Systems: = 0.80 Issue: Cross-Site Scripting, HTTP Response Splitting, SQL Injection Author: Alberto Trivero Vendor: http://www.aspnuke.com/ Software...
ASPNuke 0.80 - 'Language_Select.asp' HTTP Response Splitting
source: https://www.securityfocus.com/bid/14063/info ASPNuke is prone to an HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how Web...
ASPNuke 0.80 - Language_Select.asp HTTP Response Splitting
ASPNuke 0.80 - Language_Select.asp HTTP Response Splitting source: https://www.securityfocus.com/bid/14063/info ASPNuke is prone to an HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit th...
ubb652.txt
GulfTech Security Research June 23rd, 2005 Vendor : Infopop Corporation URL : http://www.ubbcentral.com/ubbthreads/ Version : All Versions Prior To 6.5.2 Beta Risk : Multiple Vulnerabilities Description: UBB Threads is a very popular forum system developed by Infopop. There are a number of...
osCommerce application_top.php Multiple Parameter HTTP Response Splitting
The version of osCommerce on the remote host suffers from multiple HTTP response splitting vulnerabilities due to its failure to sanitize user-supplied input to various parameters of the 'includes/application_top.php' script, the 'goto' parameter of the 'banner.php' script, and possibly others. An...
osCommerce 2.1/2.2 - Multiple HTTP Response Splitting Vulnerabilities
source: https://www.securityfocus.com/bid/13979/info osCommerce is prone to multiple HTTP response splitting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit any of these vulnerabilities to influence or...
CVE-2005-1951
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF "%0d%0a" sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php...
CVE-2005-1951
osCommerce 2.2 Milestone 2 and earlier are affected by CVE-2005-1951 due to HTTP Response Splitting in multiple parameters (products_id, pid in index.php and goto in banner.php). The vulnerability arises from hex-encoded CRLF sequences, enabling remote attackers to spoof content and potentially p...
osCommerce HTTP Response Splitting
GulfTech Security Research June 10th, 2005 Vendor : osCommerce URL : http://www.oscommerce.com/ Version : osCommerce 2.2 Milestone 2 && Earlier Risk : HTTP Response Splitting Description: osCommerce is a very popular eCommerce application that allows for individuals to host their own online shop...
Fedora Core 3 : squid-2.5.STABLE9-1.FC3.6 (2005-373)
Mon May 16 2005 Jay Fenlason 7:2.5.STABLE9-1.FC3.6 - More upstream patches, including ones for bz157456 CVE-2005-1519 DNS lookups unreliable on untrusted networks bz156162 CVE-1999-0710 cachemgr.cgi access control bypass - The following bugs had already been fixed, but the announcements were lost...
CVE-2004-2054
CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php...
CVE-2004-2054
The CVE-2004-2054 issue affects phpBB versions 2.0.4 and 2.0.9, where a CRLF injection enables HTTP Response Splitting to alter server HTML content via the mode parameter in privmsg.php or the redirect parameter in login.php. OpenVAS notes additional context for phpBB
CVE-2005-1405
CVE-2005-1405 affects Lotus Domino 6.5.x (before 6.5.4) and 6.0.x (before 6.0.5). The vulnerability is an HTTP response splitting flaw in the @SetHTTPHeader function, enabling attackers to poison the web cache through malicious applications. The provided sources describe the issue and affected ve...
CVE-2005-1405
HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications...
CVE-2005-0843
CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header...
CVE-2005-1180
HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF "%0d%0a" sequences in the forwarder parameter...
Just William's Amazon Webstore - HTTP Response Splitting
source: https://www.securityfocus.com/bid/13428/info Amazon Webstore is prone to a HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how W...
Just Williams Amazon Webstore - HTTP Response Splitting
Just Williams Amazon Webstore - HTTP Response Splitting source: https://www.securityfocus.com/bid/13428/info Amazon Webstore is prone to a HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may explo...