2482 matches found

UbuntuCve
added 2016/04/07 11:59 p.m. | 28 views

CVE-2016-0789

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

CVSS 6.1 | AI score 6.8 | EPSS 0.00148
Exploits 0 | References 2

Prion
added 2016/04/07 11:59 p.m. | 23 views

Crlf injection

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

CVSS 4.3 | AI score 7.3 | EPSS 0.00148
Exploits 0 | References 3 | Affected Software 2

CVE
added 2016/04/07 11:0 p.m. | 92 views

CVE-2016-0789

CVE-2016-0789 is a CRLF injection vulnerability in the Jenkins CLI command documentation that allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors. Affected products are Jenkins prior to version 1.650 and LTS prior to 1.642.2. The ro...

CVSS 6.1 | AI score 7.6 | EPSS 0.00148
Exploits 0 | References 3 | Affected Software 1

seebug.org
added 2016/04/06 12:0 a.m. | 16 views

Drupal Core HTTP headers SQL Injection

No description provided by source...

AI score 7.1
Exploits 0

ThreatPost
added 2016/04/04 1:34 p.m. | 20 views

Cisco's 'High Severity' Flaw Lets Malware Bypass FirePower Firewall

Technology vendor Cisco is pushing out security updates to customers to address a critical vulnerability found in its recently introduced line of FirePower firewall products. The vulnerability, according to Cisco, allows attackers to slip malware onto critical systems without detection. The flaw...

CVSS 5 | AI score 0.4 | EPSS 0.00488
Exploits 0 | References 4

OSV
added 2016/04/01 12:59 a.m. | 2 views

CVE-2016-1345

Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 4

Prion
added 2016/04/01 12:59 a.m. | 10 views

Authentication flaw

Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726...

CVSS 5 | AI score 7.2 | EPSS 0.00488
Exploits 0 | References 4 | Affected Software 2

NVD
added 2016/04/01 12:59 a.m. | 13 views

CVE-2016-1345

Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726...

CVSS 7.5 | AI score 7.6 | EPSS 0.00488
Exploits 0 | References 4

Cvelist
added 2016/04/01 12:0 a.m. | 19 views

CVE-2016-1345

Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726...

AI score 7.6 | EPSS 0.00488
Exploits 0 | References 4

Hacker One
added 2016/03/25 3:46 p.m. | 22 views

Uber: CRLF Injection in developer.uber.com

The website located at https://developer.uber.com/ suffers from CRLF injection. This allows me to inject JavaScript, HTML as well as arbitrary HTTP Headers. Besides this, I can change the HTTP Response code as well, to display whatever I want in the victim's browser. The vulnerability resides in...

Exploits 0

BDU FSTEC
added 2016/03/02 12:0 a.m. | 3 views

Vulnerability in the firmware of Cisco RV220W network switches that allows attackers to execute arbitrary SQL commands

The vulnerability in the web management interface of the Cisco RV220W network switch firmware is caused by a failure to protect the structure of SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using a specially...

CVSS 10 | AI score 8.3 | EPSS 0.00807
Exploits 0 | References 2 | Affected Software 1

Prion
added 2016/03/01 11:59 a.m. | 27 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

CVSS 4.3 | AI score 6.5 | EPSS 0.0134
Exploits 0 | References 11 | Affected Software 1

NVD
added 2016/01/30 3:59 p.m. | 12 views

CVE-2016-1138

CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors...

CVSS 4.7 | AI score 5 | EPSS 0.00298
Exploits 0 | References 3

Prion
added 2016/01/30 3:59 p.m. | 12 views

Crlf injection

CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors...

CVSS 4.3 | AI score 7.5 | EPSS 0.00298
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2016/01/30 3:0 p.m. | 20 views

CVE-2016-1138

CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors...

AI score 5.3 | EPSS 0.00298
Exploits 0 | References 3

Tenable Nessus
added 2016/01/28 12:0 a.m. | 68 views

F5 Networks BIG-IP : CRIME vulnerability via the SPDY protocol (K14059)

The SPDY protocol 3, and earlier, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data. This allows man-in-the-middle attackers to obtain plain text HTTP headers by observing length differences during a series of guesses in which a string i...

CVSS 2.6 | AI score 7.2 | EPSS 0.00236
Exploits 1 | References 2

BDU FSTEC
added 2016/01/28 12:0 a.m. | 3 views

Vulnerabilities of Microsoft Edge and Internet Explorer browsers, which allow attackers to bypass the protection mechanisms against cross-site scripting attacks

The vulnerabilities of Microsoft Edge and Internet Explorer are caused by errors in the processing of HTTP response headers. Exploiting these vulnerabilities allows a malicious actor to bypass the protection mechanisms against cross-site scripting attacks...

CVSS 4.3 | AI score 5.3 | EPSS 0.21262
Exploits 0 | References 3 | Affected Software 1

OpenVAS
added 2016/01/25 12:0 a.m. | 19 views

H2O HTTP Server < 1.6.2, 1.7.x < 1.7.0-beta3 CRLF Injection Vulnerability

H2O HTTP Server is prone to a CRLF injection vulnerability...

CVSS 4.3 | AI score 4.8 | EPSS 0.00386
Exploits 0 | References 1

Tenable Nessus
added 2016/01/22 12:0 a.m. | 4552 views

Apache Server ETag Header Information Disclosure

The remote web server is affected by an information disclosure vulnerability due to the ETag header providing sensitive information that could aid an attacker, such as the inode number of requested files...

CVSS 4.3 | AI score 7 | EPSS 0.00372
Exploits 0 | References 2

Prion
added 2016/01/20 4:59 p.m. | 12 views

Crlf injection

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit....

CVSS 4.3 | AI score 6.1 | EPSS 0.00646
Exploits 0 | References 10 | Affected Software 2