perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting

CRLF injection vulnerability in the header function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in 1 view/admin/logitem.php and 2 view/admin/logitemdetails.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist...

CVE-2011-4562

Multiple cross-site scripting XSS vulnerabilities in 1 view/admin/logitem.php and 2 view/admin/logitemdetails.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist...

WordPress Redirection Plugin <= 2.2.9 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist. Solution Update the plugin...

Mandriva Update for apache MDVSA-2011:168 (apache)

Check for the Version of apache OpenVAS Vulnerability Test Mandriva Update for apache MDVSA-2011:168 apache Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

Mandriva Linux Security Advisory : apache (MDVSA-2011:168)

A vulnerability has been discovered and corrected in apache : The modproxyajp module in the Apache HTTP Server before 2.2.21, when used with modproxybalancer in certain configurations, allows remote attackers to cause a denial of service temporary error state in the backend server via a malformed...

11in1 CMS 1.0.1 - &#039;do.php&#039; CRLF Injection

11in1 CMS v1.0.1 do.php CRLF Injection Vulnerability Vendor: 11in1 Product web page: http://www.11in1.org Affected version: 1.0.1 Summary: Eleven in One is an open-source content management system CMS that is powered by PHP and MySQL. It does not only help you manage your personal blog but also...

php5 -- header splitting attack via carriage-return character

Rui Hirokawa reports: As of PHP 5.1.2, header can no longer be used to send multiple response headers in a single call to prevent the HTTP Response Splitting Attack. header only checks the linefeed LF, 0x0A as line-end marker, it doesn't check the carriage-return CR, 0x0D. However, some browsers...

Google Chrome < 15.0.874.102 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 15.0.874.102. It therefore is potentially affected by the following vulnerabilities : - Several URL bar spoofing errors exist related to history handling and drag-and-drop of URLs. CVE-2011-2845, CVE-2011-3875 - Whitespace ...

CVE-2011-3340

SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...

Sql injection

SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...

CVE-2011-3340

CVE-2011-3340 affects Netvolution CMS 2.5.8 (ASP) where the HTTP Referer header parsing allows blind SQL injection. The vulnerability enables remote attackers to alter content, exfiltrate data (usernames, plaintext passwords), and potentially execute commands on the database server without authen...

CVE-2011-3340

SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...

CentOS Update for httpd CESA-2011:1392 centos5 i386

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1392 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

RedHat Update for httpd RHSA-2011:1392-01

Check for the Version of httpd OpenVAS Vulnerability Test RedHat Update for httpd RHSA-2011:1392-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

CentOS Update for httpd CESA-2011:1392 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2011:1392 Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring...

CVE-2011-3294

Cross-site scripting XSS vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers VCS with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342...

Cross site scripting

Cross-site scripting XSS vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers VCS with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342...

CVE-2011-3426

Cross-site scripting XSS vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header...