3718 matches found
11in1 CMS 1.0.1 - 'do.php' CRLF Injection
11in1 CMS v1.0.1 do.php CRLF Injection Vulnerability Vendor: 11in1 Product web page: http://www.11in1.org Affected version: 1.0.1 Summary: Eleven in One is an open-source content management system CMS that is powered by PHP and MySQL. It does not only help you manage your personal blog but also...
php5 -- header splitting attack via carriage-return character
Rui Hirokawa reports: As of PHP 5.1.2, header can no longer be used to send multiple response headers in a single call to prevent the HTTP Response Splitting Attack. header only checks the linefeed LF, 0x0A as line-end marker, it doesn't check the carriage-return CR, 0x0D. However, some browsers...
Google Chrome < 15.0.874.102 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is earlier than 15.0.874.102. It therefore is potentially affected by the following vulnerabilities : - Several URL bar spoofing errors exist related to history handling and drag-and-drop of URLs. CVE-2011-2845, CVE-2011-3875 - Whitespace ...
CVE-2011-3340
SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...
Sql injection
SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...
CVE-2011-3340
SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...
CVE-2011-3340
CVE-2011-3340 affects Netvolution CMS 2.5.8 (ASP) where the HTTP Referer header parsing allows blind SQL injection. The vulnerability enables remote attackers to alter content, exfiltrate data (usernames, plaintext passwords), and potentially execute commands on the database server without authen...
RedHat Update for httpd RHSA-2011:1392-01
Check for the Version of httpd OpenVAS Vulnerability Test RedHat Update for httpd RHSA-2011:1392-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
CentOS Update for httpd CESA-2011:1392 centos5 i386
Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1392 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
CentOS Update for httpd CESA-2011:1392 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2011:1392 Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring...
CVE-2011-3294
Cross-site scripting XSS vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers VCS with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342...
Cross site scripting
Cross-site scripting XSS vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers VCS with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342...
CVE-2011-3426
Cross-site scripting XSS vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header...
CVE-2011-3426
CVE-2011-3426 is an XSS vulnerability in Safari for iOS prior to 5, caused by Safari’s handling of files with the HTTP Content-Disposition header value “attachment.” A crafted file can execute inline scripts when opened in Safari, enabling remote script execution. Public references (e.g., JVN/JVN...
CVE-2011-3426
Cross-site scripting XSS vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header...
Sql injection
SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action...
CVE-2010-4897
SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action...
PHP 5.3.11/5.4.0RC2 - 'header()' HTTP Header Injection
source: https://www.securityfocus.com/bid/55297/info PHP is prone to a vulnerability that allows attackers to inject arbitrary headers through a URL. By inserting arbitrary headers, attackers may be able to launch cross-site request-forgery, cross-site scripting, HTML-injection, and other attacks...
Polipo 1.0.4.1 - POSTPUT HTTP Header Processing Denial of Service
Polipo 1.0.4.1 - POSTPUT HTTP Header Processing Denial of Service source: https://www.securityfocus.com/bid/49908/info Polipo is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users. Polipo 1.0.4...