2478 matches found
OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...
CRLF injection
CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CVE-2010-3011
CVE-2010-3011 is a CRLF injection vulnerability in HP System Management Homepage (SMH) prior to 6.2 that can allow remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors. The issue affects HP SMH versions before 6.2 and stems from an as‑yet u...
CRLF injection
CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the...
CVE-2010-0155
The CVE-2010-0155 issue affects IBM Proventia Network Mail Security System (PNMSS) with firmware older than 2.5, specifically the Local Management Interface (LMI). A CRLF injection vulnerability exists in load.php that is exploitable by remote authenticated users via the javaVersion parameter, en...
SimpleWebServer DoS
Crash on HTTP headers parsing...
Content-Disposition: attachment ignored if Content-Type: multipart also present
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS)...
dotDefender 3.8-5 - Remote Code Execution (via Cross-Site Scripting)
dotDefender 3.8-5 - Remote Code Execution via Cross-Site Scripting / DotDefender = 3.8-5 No Authentication Remote Code Execution Through XSS Tested on DotDefender 3.8-5 On Ubuntu Server 9.10 64-bit with Firefox 3.6.3 Paul Hand aka rAWjAW AT offsec.com Original Post-Authentication Remote Command...
CRLF injection
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A23.0 do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to...
Mozilla Products Firefox/Seamonkey Multiple Vulnerabilities june-10 (Windows)
The host is installed with Mozilla Firefox/Seamonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmozillaprdtsmultvulnwin01jun10.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Firefox/Seamonkey Multiple Vulnerabilities june-10 Windows Authors: Antu Sanadi...
CRLF injection
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.12 allows remote attackers to inject arbitrary HTTP headers, as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or...
Applicure dotDefender 4.01-3 - Persistent Cross-Site Scripting
Applicure dotDefender 4.01-3 - Persistent Cross-Site Scripting An advisory by EnableSecurity. ID: ES-20100601 Advisory URL: http://resources.enablesecurity.com/advisories/ES-20100601-dotdefender4.txt Affected Versions: version 4.0 Fixed versions: 4.01-3 and later Description: Applicure dotDefende...
Applicure dotDefender 4.01-3 - Persistent Cross-Site Scripting
An advisory by EnableSecurity. ID: ES-20100601 Advisory URL: http://resources.enablesecurity.com/advisories/ES-20100601-dotdefender4.txt Affected Versions: version 4.0 Fixed versions: 4.01-3 and later Description: Applicure dotDefender is a Web Application Firewall that can be installed on Window...
Cross site scripting
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS)...
CVE-2010-1197
CVE-2010-1197 affects Mozilla Firefox 3.5.x before 3.5.10, Firefox 3.6.x before 3.6.4, and SeaMonkey before 2.0.5. Root cause: Firefox/SeaMonkey fail to handle cases where both Content-Disposition: attachment and Content-Type: multipart are present in HTTP headers, enabling remote XSS via an uplo...
Email Image Upload Shell Upload
Email image upload Remote file Upload Vulnerability...
Weborf 'Range' Header Denial of Service Vulnerability
This host is running Weborf webserver and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbweborfrangedosvuln.nasl 5388 2017-02-21 15:13:30Z teissa $ Weborf 'Range' Header Denial of Service Vulnerability Authors: Sooraj KS Copyright: Copyright c 2010 Greenbone Networ...
Image Store Remote file Upload Vulnerability
Exploit for php platform in category web applications. Image Store Remote file Upload Vulnerability. Name: Image Store V 1.0 Date: 09-06-2010 vendor: http://www.scriptidea.net/imagestore/ Price: $199.00...
Image Store - Arbitrary File Upload
Image Store Remote file Upload Vulnerability...
Applicure dotDefender 4.0 administrative interface cross site scripting
Applicure dotDefender 4.0 administrative interface cross site scripting An advisory by EnableSecurity. ID: ES-20100601 Advisory URL: http://resources.enablesecurity.com/advisories/ES-20100601-dotdefender4.txt Affected Versions: version 4.0 Fixed versions: 4.01-3 and later Description: Applicure...