Firefly MediaServer HTTP Header Multiple DoS Vulnerabilities

Firefly MediaServer is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-2587-1 : libcgi-pm-perl - HTTP header injection

It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

[SECURITY] [DSA 2587-1] libcgi-pm-perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2587-1 [email protected] http://www.debian.org/security/ December 11, 2012 http://www.debian.org/security/faq - -------------------------------------------------------------------------...

CVE-2011-2732

Spring Security vulnerability (CVE-2011-2732) involves CRLF injection in logout handling via the spring-security-redirect parameter, allowing header injection and HTTP response splitting. Affected versions: 2.0.0–2.0.6 and 3.0.0–3.0.5. Root cause: shared logout code reads the redirect parameter f...

Apple QuickTime 7.7.2 MIME Type Buffer Overflow

This module exploits a buffer overflow in Apple QuickTime 7.7.2. The stack based overflow occurs when processing a malformed Content-Type header. The module has been tested successfully on Safari 5.1.7 and 5.0.7 on Windows XP SP3. This module requires Metasploit: https://metasploit.com/download...

Ubuntu Update for python-django USN-1632-2

Ubuntu Update for Linux kernel vulnerabilities USN-1632-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN16322.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for python-django USN-1632-2 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.ne...

Ubuntu: Security Advisory (USN-1632-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : python-django regression (USN-1632-2)

USN-1632-1 fixed a vulnerability in Django. The upstream fix introduced testsuite failures when ADMINS and/or MANAGERS were defined in settings.py. This update fixes the problem. We apologize for the inconvenience. James Kettle discovered Django did not properly filter the Host HTTP header when...

FireFly Media Server Multiple Remote DoS Vulnerabilities

High-Tech Bridge Security Research Lab has discovered multiple remote denial of service DoS vulnerabilities in FireFly Media Server, which could be exploited by a malicious person to crash a remote server. 1 Multiple NULL pointer dereference vulnerabilities in FireFly Media Server: CVE-2012-5875...

USN-1632-2: Django regression

USN-1632-1 fixed a vulnerability in Django. The upstream fix introduced testsuite failures when ADMINS and/or MANAGERS were defined in settings.py. This update fixes the problem. We apologize for the inconvenience. Original advisory details: James Kettle discovered Django did not properly filter...

Ubuntu Update for python-django USN-1632-1

Ubuntu Update for Linux kernel vulnerabilities USN-1632-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16321.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for python-django USN-1632-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.ne...

[USN-1632-1] Django vulnerability

========================================================================== Ubuntu Security Notice USN-1632-1 November 15, 2012 python-django vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : python-django vulnerability (USN-1632-1)

James Kettle discovered Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu...

USN-1632-1: Django vulnerability

James Kettle discovered Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users...

ZenPhoto 1.4.3.3 - Multiple Vulnerabilities

ZenPhoto 1.4.3.3 - Multiple Vulnerabilities waraxe-2012-SA096 - Multiple Vulnerabilities in Zenphoto 1.4.3.3 =============================================================================== Author: Janek Vind "waraxe" Date: 03. November 2012 Location: Estonia, Tartu Web:...

Zenphoto 1.4.3.3 SQL Injection / Interface Exposure / XSS

waraxe-2012-SA096 - Multiple Vulnerabilities in Zenphoto 1.4.3.3 =============================================================================== Author: Janek Vind "waraxe" Date: 03. November 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-96.html Description of vulnerable...

Zenphoto 1.4.3.3 Multiple Vulnerabilities

Exploit for php platform in category web applications Multiple Vulnerabilities in Zenphoto 1.4.3.3 Author: Janek Vind "waraxe" Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-96.html Description of vulnerable software: Zenphoto is a standalone CMS for multimedia focused websites. Our...

JVN#39563771: Pebble vulnerable to HTTP header injection

Pebble is an open source weblog system. Pebble contains an HTTP header injection vulnerability. Impact Forged information may be displayed on the user's web browser, arbitrary scripts may be executed or arbitrary values may be set for cookies. Solution Update the software Update to the latest...

Cogent DataHub XSS and CRLF

Overview ICS-CERT is aware of a public report of multiple vulnerabilities in Cogent’s DataHub application. These vulnerabilities include cross-site scripting and an HTTP header injection vulnerability, also known as a carriage return line feed. According to the report, Cogent Real-Times Systems...

CVE-2012-5332

at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a long string in an HTTP header field, as demonstrated using the If-Unmodified-Since field...