2482 matches found
Crlf injection
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the camefrom parameter to admin/login...
PYSEC-2015-13
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the camefrom parameter to admin/login...
Shell Shock Auto Exploitation Script
Title: Shell Shock Auto Exploitation Script Author: Rafay Baloch import requests,sys if len(sys.argv) < 2: print "Usage: shocktest.py file.txt" exit(0) def main(): file = sys.argv[1] with open(file) as f: file = f.read().splitlines() for url in file: cmd="() { test;};/bin/nopatchobfu" headers = {'user-agent': cmd}...
Crlf injection
CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL...
CVE-2015-2028
CVE-2015-2028 is a CRLF injection vulnerability in IBM WebSphere eXtreme Scale, affecting WebSphere eXtreme Scale 7.1.0 up to but not including 7.1.0.3 and 7.1.1 up to but not including 7.1.1.1. A remote attacker can craft a URL to inject arbitrary HTTP headers and perform HTTP response splitting...
Mac OS X : OS X Server < 5.0.3 Multiple Vulnerabilities
The remote Mac OS X host has a version of OS X Server installed that is prior to 5.0.3. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the mod_headers module that allows HTTP trailers to replace HTTP headers late during request processing. A remote attacker can...
UBUNTU-CVE-2015-4520
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header...
CVE-2015-5921
WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors...
CVE-2015-5921
CVE-2015-5921 affects WebKit in Apple iOS versions before 9, where the Content-Disposition: attachment HTTP header is mishandled. This could allow a man-in-the-middle to disclose sensitive information via unspecified vectors. The public documentation identifies the issue as a WebKit information-d...
Sql injection
Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header...
Amazon Linux: Security Advisory (ALAS-2011-5)
The remote host is missing an update for the...
[SECURITY] Fedora 22 Update: haproxy-1.5.14-1.fc22
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...
Crlf injection
CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 before 7.0.0.8 Cumulative iFix 2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL...
CVE-2015-0196
CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 before 7.0.0.8 Cumulative iFix 2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL...
Broken Link Checker <= 1.10.8 - Unauthenticated Stored XSS
Persistent Cross-Site Scripting (XSS) in the WordPress admin panel, enabled by improperly sanitised HTTP headers...
Cisco Web Security Appliance Cross-Site Scripting Vulnerability (CNVD-2015-03921)
Cisco Web Security Appliance (WSA) is a set of Web security appliances from Cisco USA. The appliance provides SaaS-based access control, real-time network reporting and tracking, and the development of security policies. A cross-site scripting vulnerability exists in the Cisco Web Security Applianc...
Updated php-ZendFramework packages fix security vulnerabilities
Updated php-ZendFramework packages fix security vulnerability: Filippo Tessarotto and Maks3w reported potential CRLF injection attacks in mail and HTTP headers in ZendFramework before 1.12.12 (CVE-2015-3154)...
CVE-2015-0770
CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341...
Crlf injection
CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341...
CVE-2015-0770
CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341...
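The CRLF entries above (Kallithea's camefrom parameter, the WebSphere, WebSphere Commerce and TelePresence crafted URLs, the ZendFramework header bug) all describe one bug class: a request value is URL-decoded and copied into a response header line without the CR/LF characters that terminate that line being removed. The block below is an added example, not code from any project listed on this page. It builds a redirect from a query value the way a vulnerable handler does, shows a constructed %0d%0a payload splitting the response into attacker-supplied headers and body, and gives the hardened builder that refuses such values. The handler names, the session cookie name and the payload are assumptions made for illustration.

```python
"""CRLF injection / HTTP response splitting through a redirect parameter.

Added example; not code from Kallithea, IBM, Cisco, Zend or any other
project named on this page. The function names, the cookie and the
payload below are constructed for illustration.
"""
from urllib.parse import unquote

CRLF = "\r\n"


def vulnerable_redirect(camefrom: str) -> str:
    """Build a 302 whose Location echoes a URL-decoded query value verbatim.

    This is the pattern behind the CRLF entries above: no CR/LF filtering,
    so a decoded value can terminate the header line and start new ones.
    """
    target = unquote(camefrom)
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + target + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )


class HeaderInjection(ValueError):
    """Raised when a value meant for one header line carries CR or LF."""


def safe_redirect(camefrom: str) -> str:
    """Same response, but reject any value that could split the header block.

    Rejecting (rather than silently stripping) keeps the failure visible in
    logs; the host-relative check is a separate guard against open redirects.
    """
    target = unquote(camefrom)
    if "\r" in target or "\n" in target:
        raise HeaderInjection("CR/LF in redirect target")
    if not target.startswith("/") or target.startswith("//"):
        target = "/"
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + target + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    )


def parse_headers(raw: str) -> dict:
    """Minimal response parser: the header block ends at the first blank
    line; everything after it is the body. Header names are lower-cased."""
    head, _, body = raw.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return {"status": lines[0], "headers": headers, "body": body}


# Constructed attacker value (assumption): a plausible path followed by
# %0d%0a sequences that close the Location line, add a Set-Cookie header,
# end the header block early and supply an attacker-chosen body.
PAYLOAD = (
    "/repo%0d%0aSet-Cookie:%20session=attacker%0d%0a"
    "Content-Length:%2020%0d%0a%0d%0a<script>x()</script>"
)


def injected_headers(camefrom: str = PAYLOAD) -> list:
    """Header names the client sees when the vulnerable handler echoes camefrom."""
    return [name for name, _ in parse_headers(vulnerable_redirect(camefrom))["headers"]]


def injected_body(camefrom: str = PAYLOAD) -> str:
    """Body the client sees: the attacker's text, not the server's empty body."""
    return parse_headers(vulnerable_redirect(camefrom))["body"]


def safe_handler_rejects(camefrom: str = PAYLOAD) -> bool:
    """True if the hardened handler refuses the payload instead of emitting it."""
    try:
        safe_redirect(camefrom)
    except HeaderInjection:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable handler emitted headers:", injected_headers())
    print("vulnerable handler body:", repr(injected_body()[:20]))
    print("safe handler rejected payload:", safe_handler_rejects())
```

Run stand-alone, the vulnerable handler emits a Set-Cookie header it never intended and a body chosen by the attacker, while the hardened handler raises on the same input. Real frameworks (Werkzeug, Django, Zend) apply the same CR/LF check at the point where a header value is set, which is the right layer: every handler that builds a header from request data gets it for free.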