2478 matches found
CVE-2006-7020
CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER)...
CVE-2006-7020
The CVE-2006-7020 entry affects phpwcms up to 1.2.5-DEV and 1.1 before RC4, where a CRLF injection in include/inc_act/act_formmailer.php and possibly sample_ext_php/mail_file_form.php enables remote header manipulation and spoofed HTTP_REFERER to send spam via HTTP headers. Root cause: CRLF injec...
CVE-2006-5876
The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values...
libsoup library DoS
DoS on parsing HTTP headers...
[SECURITY] [DSA 1248-1] New libsoup packages fix denial of service
Debian Security Advisory DSA 1248-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 12nd, 2007 http://www.debian.org/security/faq -...
DSA-1248-1 libsoup
Bulletin has no description...
Crlf injection
CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the...
CVE-2007-0047
CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the...
CVE-2006-6374
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5)...
CVE-2006-6374
The CVE-2006-6374 vulnerability affects PhpMyAdmin 2.7.0-pl2, with multiple CRLF injection flaws enabling HTTP header injection and response splitting via CRLF sequences in a PhpMyAdmin cookie. Affected components include css/phpmyadmin.css.php, db_create.php, index.php, left.php, libraries/sessi...
CVE-2006-5565
CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown;...
CVE-2006-5566
CRLF injection vulnerability (CVE-2006-5566) in Shop-Script’s premium/index.php allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via CRLF sequences in the following parameters: links_exchange, news, search_with_change_category_ability, logging, feedback...
CVE-2006-5565
CVE-2006-5565 concerns a CRLF injection vulnerability in MAXdev MD-Pro 1.0.76. The flaw allows remote attackers to inject arbitrary HTTP headers by inserting a CRLF sequence into parameters (name, file, module, func) in index.php and the file parameter in modules.php. The accompanying data notes ...
CVE-2006-5442
ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view...
CVE-2006-5442
ViewVC 1.0.2 and earlier is affected by a cross-site scripting (XSS) vulnerability caused by not specifying a charset in HTTP headers or HTML documents. This allows remote attackers to inject arbitrary UTF-7 encoded JavaScript via a view. The affected software is ViewVC, version 1.0.2 and earlier...
CVE-2006-5442
Removed by vendor...
CVE-2006-5330
CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks vi...