2482 matches found
CVE-2016-1900
CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline...
CVE-2016-1900
CVE-2016-1900 affects CGit prior to 0.12. The vulnerability arises from CRLF/header injection in cgit_print_http_headers (ui-shared.c), enabling a remote attacker with write-access to a repository to inject arbitrary HTTP headers and trigger HTTP response splitting and potential XSS via newline c...
CVE-2016-1133
CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI...
CRLF injection
CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI...
CVE-2016-1133
CVE-2016-1133 affects the H2O HTTP Server. The vulnerability is a CRLF injection in the on_req function (lib/handler/redirect.c) that enables remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via a crafted URI. Affected versions are H2O before 1.6.2 and 1.7.x b...
Design/Logic Flaw
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section...
CVE-2015-1779
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section...
CVE-2015-1779
CVE-2015-1779 affects QEMU with the VNC websocket frame decoder. The issue allows a remote attacker to cause a denial of service by sending oversized websocket payloads or HTTP headers, exhausting CPU and memory. Impact is observed when an attacker accesses a guest’s VNC console over the network....
Joomla HTTP Header Unauthenticated Remote Code Execution
Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5.0 to 3.4.5. By storing user-supplied headers in the database's session table, it's possible to truncate the input by sending a UTF-8 character. The custom-created payload is then executed once the sessi...
CVE-2015-5245
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name...
Nuclear Exploit Kit Spreading Cryptowall 4.0 Ransomware
In short order, the newest version of Cryptowall has begun showing up in exploit kits. The SANS Internet Storm Center said on Tuesday that an attacker working off domains belonging to Chinese registrar BizCN has been moving the ransomware via the Nuclear Exploit Kit. SANS ISC handler and Rackspac...
CRLF injection
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL...
CVE-2015-2017
CVE-2015-2017 is an HTTP response-splitting/CRLF injection vulnerability in IBM WebSphere Application Server. Affected are WAS 6.1 (up to 6.1.0.47), 7.0 (before 7.0.0.39), 8.0 (before 8.0.0.12), and 8.5 (before 8.5.5.8). Exploitation could allow remote attackers to inject headers and perform resp...