Lucene search
K

3718 matches found

Exploit DB
Exploit DB
added 2011/11/08 12:0 a.m.26 views

11in1 CMS 1.0.1 - 'do.php' CRLF Injection

11in1 CMS v1.0.1 do.php CRLF Injection Vulnerability Vendor: 11in1 Product web page: http://www.11in1.org Affected version: 1.0.1 Summary: Eleven in One is an open-source content management system CMS that is powered by PHP and MySQL. It does not only help you manage your personal blog but also...

7AI score
Exploits0
FreeBSD
FreeBSD
added 2011/11/06 12:0 a.m.33 views

php5 -- header splitting attack via carriage-return character

Rui Hirokawa reports: As of PHP 5.1.2, header can no longer be used to send multiple response headers in a single call to prevent the HTTP Response Splitting Attack. header only checks the linefeed LF, 0x0A as line-end marker, it doesn't check the carriage-return CR, 0x0D. However, some browsers...

4.3CVSS1AI score0.10173EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2011/10/26 12:0 a.m.31 views

Google Chrome < 15.0.874.102 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 15.0.874.102. It therefore is potentially affected by the following vulnerabilities : - Several URL bar spoofing errors exist related to history handling and drag-and-drop of URLs. CVE-2011-2845, CVE-2011-3875 - Whitespace ...

7.5CVSS5.9AI score0.0208EPSS
Exploits0References19
NVD
NVD
added 2011/10/21 10:55 a.m.21 views

CVE-2011-3340

SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...

7.5CVSS8.3AI score0.02042EPSS
Exploits1References3
Prion
Prion
added 2011/10/21 10:55 a.m.18 views

Sql injection

SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...

7.5CVSS9AI score0.02042EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2011/10/21 10:0 a.m.30 views

CVE-2011-3340

SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...

8.3AI score0.02042EPSS
Exploits1References3
CVE
CVE
added 2011/10/21 10:0 a.m.51 views

CVE-2011-3340

CVE-2011-3340 affects Netvolution CMS 2.5.8 (ASP) where the HTTP Referer header parsing allows blind SQL injection. The vulnerability enables remote attackers to alter content, exfiltrate data (usernames, plaintext passwords), and potentially execute commands on the database server without authen...

7.5CVSS8.6AI score0.02042EPSS
Exploits1References3Affected Software1
OpenVAS
OpenVAS
added 2011/10/21 12:0 a.m.74 views

RedHat Update for httpd RHSA-2011:1392-01

Check for the Version of httpd OpenVAS Vulnerability Test RedHat Update for httpd RHSA-2011:1392-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

7.8CVSS8.6AI score0.98945EPSS
Exploits28References2
OpenVAS
OpenVAS
added 2011/10/21 12:0 a.m.96 views

CentOS Update for httpd CESA-2011:1392 centos5 i386

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1392 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

7.8CVSS8.6AI score0.98945EPSS
Exploits28References2
OpenVAS
OpenVAS
added 2011/10/21 12:0 a.m.43 views

CentOS Update for httpd CESA-2011:1392 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.8CVSS8.1AI score0.98945EPSS
Exploits28References2
Cent OS
Cent OS
added 2011/10/20 9:19 p.m.105 views

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2011:1392 Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring...

7.8CVSS7.2AI score0.98945EPSS
Exploits28References7
NVD
NVD
added 2011/10/19 3:55 p.m.15 views

CVE-2011-3294

Cross-site scripting XSS vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers VCS with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342...

4.3CVSS5.7AI score0.01689EPSS
Exploits0References4
Prion
Prion
added 2011/10/19 3:55 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers VCS with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342...

4.3CVSS6.2AI score0.01689EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2011/10/14 10:55 a.m.14 views

CVE-2011-3426

Cross-site scripting XSS vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header...

4.3CVSS5AI score0.01821EPSS
Exploits1References9
CVE
CVE
added 2011/10/14 10:0 a.m.66 views

CVE-2011-3426

CVE-2011-3426 is an XSS vulnerability in Safari for iOS prior to 5, caused by Safari’s handling of files with the HTTP Content-Disposition header value “attachment.” A crafted file can execute inline scripts when opened in Safari, enabling remote script execution. Public references (e.g., JVN/JVN...

4.3CVSS5AI score0.01821EPSS
Exploits1References9Affected Software1
Cvelist
Cvelist
added 2011/10/14 10:0 a.m.30 views

CVE-2011-3426

Cross-site scripting XSS vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header...

5AI score0.01821EPSS
Exploits1References9
Prion
Prion
added 2011/10/08 10:55 a.m.16 views

Sql injection

SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action...

7.5CVSS9AI score0.01098EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2011/10/08 10:0 a.m.23 views

CVE-2010-4897

SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action...

8.3AI score0.01098EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2011/10/06 12:0 a.m.66 views

PHP 5.3.11/5.4.0RC2 - &#039;header()&#039; HTTP Header Injection

source: https://www.securityfocus.com/bid/55297/info PHP is prone to a vulnerability that allows attackers to inject arbitrary headers through a URL. By inserting arbitrary headers, attackers may be able to launch cross-site request-forgery, cross-site scripting, HTML-injection, and other attacks...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2011/10/01 12:0 a.m.13 views

Polipo 1.0.4.1 - POSTPUT HTTP Header Processing Denial of Service

Polipo 1.0.4.1 - POSTPUT HTTP Header Processing Denial of Service source: https://www.securityfocus.com/bid/49908/info Polipo is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users. Polipo 1.0.4...

Exploits0
Rows per page
Query Builder