2479 matches found

Cvelist
added 2010/12/06 8:0 p.m. | 22 views

CVE-2010-4411

Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761...

AI score: 9.3 | EPSS: 0.01131
Exploits: 0 | References: 15
CVE
added 2010/12/06 8:0 p.m. | 70 views

CVE-2010-4411

CVE-2010-4411 affects CGI.pm (and CGI::Simple) version 3.50 and earlier, allowing remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via unknown vectors. The description notes this issue exists because of an incomplete fix for CVE-2010-2761, linking the tw...

CVSS: 4.3 | AI score: 9.1 | EPSS: 0.01131
Exploits: 0 | References: 15 | Affected Software: 1
Cvelist
added 2010/12/06 8:0 p.m. | 23 views

CVE-2010-2761

The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v...

AI score: 9.2 | EPSS: 0.01848
Exploits: 0 | References: 35
Debian CVE
added 2010/12/06 8:0 p.m. | 31 views

CVE-2010-4411

Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761...

CVSS: 4.3 | AI score: 9.4 | EPSS: 0.01131
Exploits: 0
UbuntuCve
added 2010/12/06 12:0 a.m. | 23 views

CVE-2010-4410

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline...

CVSS: 4.3 | AI score: 7.3 | EPSS: 0.00845
Exploits: 0 | References: 4
UbuntuCve
added 2010/12/06 12:0 a.m. | 23 views

CVE-2010-4411

Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761...

CVSS: 4.3 | AI score: 6 | EPSS: 0.01131
Exploits: 0 | References: 3
Tenable Nessus
added 2010/11/25 12:0 a.m. | 20 views

Bugzilla < 3.2.10 / 3.4.10 / 3.6.4 Multiple Vulnerabilities

Binary data 5744.prm...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.02239
Exploits: 0 | References: 9
Tenable Nessus
added 2010/11/24 12:0 a.m. | 57 views

Adobe Flash Media Server Version Detection

Adobe Flash Media Server, a data and media server that serves applications to Flash Player, appears to be running on the remote host and is reporting its version number in HTTP headers. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(50705); script_version("1.8");...

AI score: 5.6
Exploits: 0 | References: 1
Tenable Nessus
added 2010/11/15 12:0 a.m. | 28 views

Bugzilla Response Splitting

The version of Bugzilla hosted on the remote web server allows injection of arbitrary HTTP headers and content when Server Push is enabled in a browser. Note that the install also likely creates restricted reports in a known location and with predictable names, which can lead to a loss of...

CVSS: 2.6 | AI score: 5.7 | EPSS: 0.00733
Exploits: 0 | References: 2
The Hacker News
added 2010/11/11 12:49 a.m. | 8 views

Watcher 1.4.1 - latest version download

"Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...

AI score: 6.7
Exploits: 0
Tenable Nessus
added 2010/11/10 12:0 a.m. | 21 views

NetSupport Manager < 11.00.0005

The installed version of NetSupport Manager is prior to 11.00.0005. It is, therefore, affected by an information disclosure vulnerability due to bundled vulnerable versions of NetSupport Manager clients, and controls that reveal sensitive information such as IP and MAC addresses in cleartext HTTP...

CVSS: 5 | AI score: 5.6 | EPSS: 0.00518
Exploits: 0 | References: 2
NVD
added 2010/11/05 5:0 p.m. | 10 views

CVE-2010-4184

NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network...

CVSS: 5 | AI score: 6.2 | EPSS: 0.00518
Exploits: 0 | References: 3
UbuntuCve
added 2010/11/05 5:0 p.m. | 31 views

CVE-2010-3172

CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted UR...

CVSS: 2.6 | AI score: 6 | EPSS: 0.00733
Exploits: 0 | References: 1
Prion
added 2010/11/05 5:0 p.m. | 21 views

CRLF injection

CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted UR...

CVSS: 2.6 | AI score: 6.8 | EPSS: 0.00733
Exploits: 0 | References: 9 | Affected Software: 1
Prion
added 2010/11/05 5:0 p.m. | 11 views

Code injection

NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network...

CVSS: 5 | AI score: 6.7 | EPSS: 0.00518
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2010/11/05 5:0 p.m. | 11 views

CRLF injection

CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

CVSS: 4.3 | AI score: 7.4 | EPSS: 0.00357
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2010/11/05 4:28 p.m. | 41 views

CVE-2010-3913

CVE-2010-3913 affects TransWARE Active! mail 6 (build 6.40.010047750 and earlier). The vulnerability is a CRLF/HTTP header injection that can enable HTTP response splitting and allow remote attackers to inject headers. Documented impacts include falsified information being displayed and potential...

CVSS: 4.3 | AI score: 7.1 | EPSS: 0.00357
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2010/11/05 4:28 p.m. | 58 views

CVE-2010-4184

CVE-2010-4184 affects NetSupport Manager (NSM) prior to version 11.00.0005. The vulnerability arises from NSM sending HTTP headers with cleartext fields that reveal details about client machines, enabling an attacker who can sniff network traffic to obtain potentially sensitive information (e.g.,...

CVSS: 5 | AI score: 6.4 | EPSS: 0.00518
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2010/11/05 4:28 p.m. | 18 views

CVE-2010-4184

NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network...

AI score: 6.2 | EPSS: 0.00518
Exploits: 0 | References: 3
RedHat Linux
added 2010/10/27 11:3 p.m. | 4 views

OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS: 5.1 | AI score: 5.8 | EPSS: 0.01613
Exploits: 0 | References: 4