2478 matches found
CRLF injection
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function...
CVE-2007-2401
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function...
CVE-2007-2401
The CVE-2007-2401 entry concerns a CRLF injection in Apple’s WebCore XMLHttpRequest handling. Vulnerable: WebCore in Mac OS X 10.3.9, 10.4.9 and later, and iPhone prior to 1.0.1. Nature: remote attacker can inject arbitrary HTTP headers by sending LF characters in an XMLHttpRequest and exploiting...
PT-2007-3734 · Apple · Iphone +1
Name of the Vulnerable Software and Affected Versions: Apple Mac OS X versions 10.3.9 through 10.4.9 and later; iPhone version before 1.0.1. Description: The issue allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request. This is possible because the L...
Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP header
Overview: Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP headers, which may cause information disclosure. Description: The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets HTTP headers. The "MHTML"...
Information disclosure
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain...
The evil space-PHP local file inclusion vulnerability new breakthrough-vulnerability warning-the black bar safety net
PS: the article says the wrong bird, and afterwards Kenshin reminded me only to find out that have scammed people suspected, Connection the HTTP headers and can write space regardless of!! Remember Zizzy wrote an article The about php contains the Apache log of the Capriccio, which is a good idea...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTTP headers...
CVE-2007-3117
Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTTP headers...
CVE-2007-3117
CVE-2007-3117 affects ADPLAN Version 3 (SEO module) by a cross-site scripting vulnerability that allows an attacker to inject arbitrary script or HTML via HTTP header handling, potentially causing script execution in a user’s browser when visiting a site using ADPLAN’s service. The issue is tied ...
CVE-2007-1862
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information...
Information disclosure
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information...
CVE-2007-1862
The CVE-2007-1862 issue affects Apache 2.2.4’s mod_mem_cache recall_headers, where not all header levels are copied, potentially causing HTTP responses to include previously used data. This could lead to information disclosure to remote attackers. Connected advisories confirm affected packages an...
CVE-2007-2907
Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers via an unspecified vector, possibly the forwardTo parameter to redirect.do. NOTE: the impact might be cross-site scripting (XSS) or HTTP request...
CRLF injection
CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We d...
CVE-2007-2618
The CVE-2007-2618 issue affects Drake CMS 0.4.0, identifying a CRLF injection vulnerability in index.php. The root cause is a CRLF sequence in the lang parameter that enables an attacker to inject arbitrary HTTP headers and perform HTTP response splitting. Public details describe the vulnerable c...
CRLF injection
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php...