HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...
Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20130930)
It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. CVE-2006-7243 It was found that PHP did not check for carriage returns i...
Crlf injection
CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet...
CVE-2013-6009
Open-Xchange AppSuite is affected by a CRLF injection vulnerability (CVE-2013-6009) present before version 7.2.2 when using AJP under certain conditions. An attacker can inject arbitrary HTTP headers and trigger HTTP response splitting via the ajax/defer servlet. Affected product: Open-Xchange Ap...
Hewlett-Packard (HP) 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery
Exploit Title: Hewlett-Packard 2620 Switch Series. Edit Admin Account - CSRF Vulnerability Date: 26.09.2013r. Exploit Author: Hubert Grądek PL Software Link: download link if available Tested on: HP-E2620 24-PoEP // RA.15.05.0006,ROMRA.15.10 HTTP Headers: http://IPADDR/html/json.html Host: IPADD...
Hewlett-Packard (HP) 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery
Hewlett-Packard HP 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery Exploit Title: Hewlett-Packard 2620 Switch Series. Edit Admin Account - CSRF Vulnerability Date: 26.09.2013r. Exploit Author: Hubert Grądek PL Software Link: download link if available Tested on: HP-E2620...
Debian: Security Advisory (DSA-2587-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress Simple Dropbox 1.8.8 Shell Upload
Exploit Title : Wordpress Simple Dropbox Upload plugin File Upload Exploit Author : Ashiyane Digital Security Team Download Link : http://wordpress.org/plugins/simple-dropbox-upload-form/ Home : www.Ashiyane.org Version : 1.8.8 Security Risk : High Dork :...
Prestashop v1.5.5 - CRLF Injection Vulnerability
Prestashop version 1.5.5 suffers from a CRLF injection vulnerability that allows for addition of headers. Exploit Title: Prestashop v1.5.5 - CRLF Injection Vulnerability Official site: http://www.prestashop.com Official Demo : http://demo-store.prestashop.com/ Risk Level: Medium Exploit Author:...
Prestashop 1.5.5 CRLF Injection
Exploit Title: Prestashop v1.5.5 - CRLF Injection Vulnerability Official site: http://www.prestashop.com Official Demo : http://demo-store.prestashop.com/ Risk Level: Medium Exploit Author: Esac Homepage author : www.iss4m.ma Email author : [email protected] Last Checked: 06/09/2013 +----------+ ...
CVE-2013-1647
Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by (1) the location parameter...
Crlf injection
Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by (1) the location parameter...
Crlf injection
CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitizatio...
CVE-2013-2582
CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitizatio...
CVE-2013-1647
Open-Xchange Server 6 is affected by multiple CRLF injection and related vulnerabilities (CVE-2013-1647 among others) that allow remote attackers to inject HTTP headers and perform HTTP response splitting, with additional XSS and SSRF issues described across several CVEs. Affected versions includ...
Amazon Linux AMI : perl-FCGI (ALAS-2011-05)
The MITRE CVE database describes CVE-2011-2766 as : The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP header...
CVE-2013-3372
Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors...
CVE-2013-3373
CRLF injection vulnerability in Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header...
Crlf injection
CRLF injection vulnerability in Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header...