2482 matches found

NVD
added 2014/04/30 2:22 p.m. | 20 views

CVE-2014-1956

CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

5 CVSS | 6.8 AI score | 0.00224 EPSS
Exploits 0 | References 1

CVE
added 2014/04/30 2:0 p.m. | 52 views

CVE-2014-1956

CVE-2014-1956 describes a CRLF injection in Fortinet FortiWeb prior to version 5.0.3, enabling remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors. The vulnerability is documented across multiple sources (NVD entry and FortiGuard FG-IR-13-...

5 CVSS | 7 AI score | 0.00224 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2014/04/30 2:0 p.m. | 26 views

CVE-2014-1956

CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

6.8 AI score | 0.00224 EPSS
Exploits 0 | References 1

Prion
added 2014/04/25 5:12 a.m. | 20 views

CRLF injection

CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors...

5.8 CVSS | 7.4 AI score | 0.00838 EPSS
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2014/04/25 1:0 a.m. | 19 views

CVE-2014-2909

CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors...

6.9 AI score | 0.00838 EPSS
Exploits 1 | References 3

ThreatPost
added 2014/04/22 3:47 p.m. | 10 views

Apple Fixes Serious SSL Issue in OSX and iOS

Apple has fixed a serious security flaw that’s present in many versions of both iOS and OSX and could allow an attacker to intercept data on SSL connections. The bug is one of many that the company fixed Tuesday in its two main operating systems, and several of the other vulnerabilities have...

0.8 AI score
Exploits 0 | References 3

Hacker One
added 2014/04/18 4:33 a.m. | 26 views

Localize: Password type input with auto-complete enabled

Vulnerability description: When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker wi...

6.8 AI score
Exploits 0

Hacker One
added 2014/04/18 1:18 a.m. | 15 views

Localize: A Serious Bug on SIGNUP Process!

Hello, I found a bug in your registration/sign-up process. You should fix this one as soon as possible! With this bug, an attacker will be able to create thousands of IDs on your application. POC: It can be done in three (3) ways. 1. By CSRF. Copy your registration FORM source only form code is...

7.2 AI score
Exploits 0

Hacker One
added 2014/04/15 4:6 p.m. | 16 views

Automattic: Session Cookie without Secure flag set

Vulnerability: Session Cookie without Secure flag set. Vulnerability description: This cookie does not have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the cookie can only be accessed over secure SSL channels...

Exploits 0

Prion
added 2014/04/02 3:58 a.m. | 20 views

CRLF injection

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002...

4.3 CVSS | 7.3 AI score | 0.00211 EPSS
Exploits 1 | References 2 | Affected Software 1

Prion
added 2014/04/02 3:58 a.m. | 11 views

CRLF injection

CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349...

4.3 CVSS | 7.3 AI score | 0.00211 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2014/04/02 1:0 a.m. | 21 views

CVE-2014-2137

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002...

6.8 AI score | 0.00211 EPSS
Exploits 1 | References 2

CVE
added 2014/04/02 1:0 a.m. | 44 views

CVE-2014-2138

CVE-2014-2138 affects Cisco Security Manager (web framework) prior to 4.2. The issue is a CRLF injection via a crafted URL that allows remote attackers to inject arbitrary HTTP headers and perform web-page redirection to a malicious site. Root cause is insufficient validation of user input before...

4.3 CVSS | 7.1 AI score | 0.00211 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2014/04/02 1:0 a.m. | 17 views

CVE-2014-2138

CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349...

6.8 AI score | 0.00211 EPSS
Exploits 1 | References 2

NVD
added 2014/04/01 6:35 a.m. | 28 views

CVE-2013-1869

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the returnurl parameter...

4.3 CVSS | 6 AI score | 0.00417 EPSS
Exploits 0 | References 5

Prion
added 2014/04/01 6:35 a.m. | 27 views

CRLF injection

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the returnurl parameter...

4.3 CVSS | 6 AI score | 0.00417 EPSS
Exploits 0 | References 5 | Affected Software 2

CVE
added 2014/04/01 1:0 a.m. | 67 views

CVE-2013-1869

CVE-2013-1869 affects spacewalk-java before 2.1.148-1 and Red Hat Network Satellite 5.6, allowing remote header injection via the return_url parameter that can enable HTTP response splitting and XSS. Responsible updates are in RHSA-2014:0148 (spacewalk-java, spacewalk-web, satellite-branding); ap...

4.3 CVSS | 6 AI score | 0.00417 EPSS
Exploits 0 | References 5 | Affected Software 2

NVD
added 2014/03/26 10:55 a.m. | 10 views

CVE-2013-3998

CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

3.5 CVSS | 6.3 AI score | 0.00166 EPSS
Exploits 1 | References 2

Prion
added 2014/03/26 10:55 a.m. | 16 views

CRLF injection

CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

3.5 CVSS | 6.7 AI score | 0.00166 EPSS
Exploits 1 | References 2 | Affected Software 1

CVE
added 2014/03/26 10:0 a.m. | 48 views

CVE-2013-3998

CVE-2013-3998 affects IBM InfoSphere BigInsights Web Application Enterprise Console (versions 1.1–2.1). The root cause is a CRLF injection that allows remote authenticated users to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors. Impact stated in sources ...

3.5 CVSS | 6.4 AI score | 0.00166 EPSS
Exploits 1 | References 2 | Affected Software 1