phpWebSite: HTTP response splitting vulnerability
Background: phpWebSite is a web site content management system. Description: Due to lack of proper input validation, phpWebSite has been found to be vulnerable to HTTP response splitting attacks. Impact: A malicious user could inject arbitrary response data, leading to content spoofing, web cache...
security hole (http response splitting) in phpwebsite
ADVISORY Author: Maestro me! Date: 11-NOV-04 Vendor: Appalachian State University http://phpwebsite.appstate.edu/ Product: phpWebSite 0.9.3-4 Product description from vendor website: phpWebSite provides a complete web site content management system. Web-based administration allows for easy...
webcalendar 0.9.x - Multiple Vulnerabilities
webcalendar 0.9.x - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/11651/info Multiple remote vulnerabilities are reported to exist in WebCalendar. Multiple cross-site scripting vulnerabilities, an HTTP response splitting vulnerability, and two authentication bypass...
webcalendar 0.9.x - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/11651/info Multiple remote vulnerabilities are reported to exist in WebCalendar. Multiple cross-site scripting vulnerabilities, an HTTP response splitting vulnerability, and two authentication bypass vulnerabilities are reported to exist in many different...
HTTP Response Splitting in Serendipity 0.7-beta4
SECURITY ADVISORY: HTTP Response Splitting in Serendipity 0.7-beta4 AUTHOR: Chaotic Evil chaoticevil $$$at$$$ spyring $$$dot$$$ com DATE: October 21st, 2004 PRODUCT: Serendipity 0.7-beta4 October 14th, 2004 Recommended release, most stable - www.s9y.org FROM THE VENDOR WEBSITE: Serendipity is a...
CVE-2004-1620
CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php...
Serendipity < 0.7.0rc1 HTTP Response Splitting
S9Y Serendipity 0.x - exit.php HTTP Response Splitting
S9Y Serendipity 0.x - exit.php HTTP Response Splitting source: https://www.securityfocus.com/bid/11497/info Serendipity is reported prone to an HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or...
IdealBB Multiple Vulnerabilities (XSS, SQLi, more)
The remote host is running IdealBB, a web-based bulletin board written in ASP. The remote version of this software has multiple flaws - SQL injection, cross-site scripting and HTTP response splitting vulnerabilities...
S9Y Serendipity 0.x - 'exit.php' HTTP Response Splitting
source: https://www.securityfocus.com/bid/11497/info Serendipity is reported prone to an HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This issue is identified in Serendipity...
Serendipity Multiple Script HTTP Response Splitting
The remote version of Serendipity is affected by an HTTP response-splitting vulnerability that may allow an attacker to perform a cross-site scripting attack against the remote host...
ACROS Security: Unsanitized Session ID Cookie Allows Modifying Server Response
=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2004-10-14-3 ------------------------------------------------------------------------- ASPR 2004-10-14-3: Unsanitized Session ID Cookie Allows Modifying Serv...
GLSA-200410-12 : WordPress: HTTP response splitting and XSS vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200410-12 WordPress: HTTP response splitting and XSS vulnerabilities Due to the lack of input validation in the administration panel scripts, WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks...
WordPress: HTTP response splitting and XSS vulnerabilities
Background: WordPress is a PHP and MySQL based content management and publishing system. Description: Due to the lack of input validation in the administration panel scripts, WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks. Impact: A malicious user could inject...
HTTP Response Splitting Vulnerability in Wordpress 1.2
SECURITY ADVISORY: HTTP Response Splitting in WordPress 1.2 AUTHOR: Chaotic Evil chaoticevil $$$at$$$ spyring $$$dot$$$ com DATE: October 6th, 2004 PRODUCT: WordPress 1.2 wordpress.org FROM THE VENDOR WEBSITE: WordPress is a state-of-the-art semantic personal publishing platform with a focus on...
WordPress 'wp-login.php' HTTP Response Splitting
According to its banner, the remote version of WordPress is vulnerable to an HTTP-splitting attack wherein an attacker can insert CR LF characters and then entice an unsuspecting user into accessing the URL. The client will parse and possibly act on the secondary header which was supplied by the...
WordPress < 1.2.1 'wp-login.php' HTTP Response Splitting
[Full-Disclosure] [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal
Title: Maxpatrol Security Advisory Multiple vulnerabilities in DCP-Portal Date: 28.09.2004 Severity: Low Application: DCP-Portal, dcp-portal Platform: PHP I. DESCRIPTION -------------- Multiple vulnerabilities were found in DCP-Portal. A remote user can conduct cross-site scripting attacks and HT...
WordPress 1.2 - wp-login.php HTTP Response Splitting
WordPress 1.2 - wp-login.php HTTP Response Splitting source: https://www.securityfocus.com/bid/11348/info WordPress is reported prone to an HTTP response splitting vulnerability. The issue presents itself due to a flaw in the affected script that allows an attacker to manipulate how GET requests a...