
245 matches found

Cvelist
added 2008/03/28 11:0 p.m. | 28 views

CVE-2008-1544

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP...

AI score 6.2 | EPSS 0.51206
Exploits 0 | References 12
CVE
added 2008/03/28 11:0 p.m. | 91 views

CVE-2008-1544

CVE-2008-1544 relates to Internet Explorer (IE) 5.01/6/7 where setRequestHeader can bypass header-safety checks, enabling HTTP request splitting/smuggling, host/Referer manipulation, and potential same-origin policy bypass. Microsoft’s connected documentation confirms a fix via MS08-031 (Cumulati...

CVSS 7.1 | AI score 6.1 | EPSS 0.51206
Exploits 0 | References 12 | Affected Software 1
Tenable Nessus
added 2008/01/21 12:0 a.m. | 44 views

GLSA-200801-07 : Adobe Flash Player: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200801-07 Adobe Flash Player: Multiple vulnerabilities Flash contains a copy of PCRE which is vulnerable to a heap-based buffer overflow GLSA 200711-30, CVE-2007-4768. Aaron Portnoy reported an unspecified vulnerability related to...

CVSS 9.3 | AI score 6.3 | EPSS 0.69076
Exploits 4 | References 10
NVD
added 2007/12/20 1:46 a.m. | 18 views

CVE-2007-6245

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks...

CVSS 5.8 | AI score 6.6 | EPSS 0.21814
Exploits 0 | References 18
Prion
added 2007/12/20 1:46 a.m. | 20 views

Server side request forgery (ssrf)

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks...

CVSS 5.8 | AI score 6.7 | EPSS 0.21814
Exploits 0 | References 18 | Affected Software 1
UbuntuCve
added 2007/12/20 1:46 a.m. | 26 views

CVE-2007-6245

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks...

CVSS 5.8 | AI score 5.9 | EPSS 0.21814
Exploits 0 | References 1
CVE
added 2007/12/20 1:0 a.m. | 76 views

CVE-2007-6245

Adobe Flash Player versions affected by CVE-2007-6245 include 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0. The vulnerability allows remote attackers to modify HTTP headers in client requests, enabling HTTP Request Splitting attacks. Severity is reflected in public CVE data (bas...

CVSS 5.8 | AI score 6.4 | EPSS 0.21814
Exploits 0 | References 18 | Affected Software 1
Cvelist
added 2007/12/20 1:0 a.m. | 28 views

CVE-2007-6245

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks...

AI score 6.4 | EPSS 0.21814
Exploits 0 | References 18
Tenable Nessus
added 2007/12/13 12:0 a.m. | 26 views

SuSE 10 Security Update : flash-player (ZYPP Patch Number 2357)

This security update brings the Adobe Flash Player to version 7.0.69. It fixes the following security problem : - CRLF injection vulnerability in Adobe Flash Player allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in...

CVSS 5 | AI score 5.6 | EPSS 0.1744
Exploits 0 | References 2
Tenable Nessus
added 2007/10/17 12:0 a.m. | 26 views

openSUSE 10 Security Update : flash-player (flash-player-2359)

This security update brings the Adobe Flash Player to version 7.0.69. It fixes the following security problem : CVE-2006-5330: CRLF injection vulnerability in Adobe Flash Player allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF...

CVSS 5 | AI score 5.6 | EPSS 0.1744
Exploits 0 | References 1
NVD
added 2007/04/26 8:19 p.m. | 23 views

CVE-2007-2292

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute...

CVSS 4.3 | AI score 6.7 | EPSS 0.02223
Exploits 1 | References 52
UbuntuCve
added 2007/04/26 8:19 p.m. | 26 views

CVE-2007-2292

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute...

CVSS 4.3 | AI score 5.9 | EPSS 0.02223
Exploits 1 | References 4
Prion
added 2007/04/26 8:19 p.m. | 16 views

Crlf injection

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute...

CVSS 4.3 | AI score 6.7 | EPSS 0.02223
Exploits 1 | References 52 | Affected Software 3
CVE
added 2007/04/26 8:0 p.m. | 86 views

CVE-2007-2292

CVE-2007-2292 is a CRLF injection vulnerability in the Digest Authentication support of Mozilla Firefox (<2.0.0.8) and SeaMonkey (

CVSS 4.3 | AI score 6.6 | EPSS 0.02223
Exploits 1 | References 52 | Affected Software 3
Cvelist
added 2007/04/26 8:0 p.m. | 21 views

CVE-2007-2292

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute...

AI score 6.5 | EPSS 0.02223
Exploits 1 | References 52
Tenable Nessus
added 2007/02/18 12:0 a.m. | 27 views

SUSE-SA:2006:077: flash-player

The remote host is missing the patch for the advisory SUSE-SA:2006:077 flash-player. This security update brings the Adobe Flash Player to version 7.0.69. The update fixes the following security problem: CVE-2006-5330: CRLF injection vulnerabilities in Adobe Flash Player allows remote attackers t...

CVSS 5 | AI score 5.7 | EPSS 0.1744
Exploits 0
RedHat Linux
added 2007/01/09 2:10 p.m. | 0 views

security flaw

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks vi...

CVSS 5 | AI score 5.9 | EPSS 0.1744
Exploits 0 | References 4
UbuntuCve
added 2006/10/17 9:7 p.m. | 22 views

CVE-2006-5330

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks vi...

CVSS 5 | AI score 6 | EPSS 0.1744
Exploits 0 | References 1
NVD
added 2006/10/17 9:7 p.m. | 19 views

CVE-2006-5330

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks vi...

CVSS 5 | AI score 6.9 | EPSS 0.1744
Exploits 0 | References 24
CVE
added 2006/10/17 9:0 p.m. | 99 views

CVE-2006-5330

The CVE-2006-5330 issue affects Adobe Flash Player plugins prior to 7.0.69 (and earlier variants) across Windows, Linux, Solaris, and macOS, causing remote attackers to modify HTTP headers and perform HTTP Request Splitting via CRLF in arguments to ActionScript functions (XML.addRequestHeader, XM...

CVSS 5 | AI score 8 | EPSS 0.1744
Exploits 0 | References 24 | Affected Software 1