Lucene search
K

4383 matches found

OSV
OSV
added 2015/02/20 11:59 a.m.3 views

DEBIAN-CVE-2015-0881

CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response...

4.3CVSS7.4AI score0.04507EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2015/02/11 12:0 a.m.28 views

Fortinet FortiWeb Multiple Vulnerabilities (FG-IR-13-009)

Fortinet FortiWeb is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:fortinet:fortiweb"; if...

6.5CVSS5.1AI score0.01516EPSS
Exploits0References2
CNVD
CNVD
added 2015/01/30 12:0 a.m.6 views

Symantec Encryption Management Server EMAIL Header Field Injection Vulnerability

Symantec Encryption Management Server is a single console for managing multiple encryption applications in the PGP platform. Symantec Encryption Management Server does not properly handle email header field data, which can be exploited by a remote attacker to conduct email header injection attack...

5CVSS7.3AI score0.0111EPSS
Exploits0References1
OSV
OSV
added 2015/01/27 8:3 p.m.5 views

DEBIAN-CVE-2014-9650

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions...

5CVSS7.6AI score0.02622EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2015/01/27 12:0 a.m.4 views

PT-2015-4326 · Pivotal +1 · Rabbitmq

Name of the Vulnerable Software and Affected Versions: RabbitMQ versions 2.1.0 through 3.4.x Description: A CRLF injection issue exists in the management plugin, allowing remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to th...

5CVSS7.4AI score0.02622EPSS
Exploits0References15
OSV
OSV
added 2015/01/15 3:59 p.m.1 views

DEBIAN-CVE-2014-8150

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...

4.3CVSS7.5AI score0.0681EPSS
Exploits0References1
curl security advisories
curl security advisories
added 2015/01/08 8:0 a.m.52 views

URL request injection

When libcurl sends a request to a server via an HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those are sent along to the proxy too, which allows the program to for example send a separate HTTP request injected...

4.3CVSS7.4AI score0.0681EPSS
Exploits0Affected Software2
OSV
OSV
added 2015/01/08 12:0 a.m.4 views

UBUNTU-CVE-2014-8150

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...

4.3CVSS7.1AI score0.0681EPSS
Exploits0References4
Friends Of PHP
Friends Of PHP
added 2014/12/29 1:23 p.m.15 views

Header injection in NativeMailerHandler

Hopefully attacker controlled data is never used to set the encoding or content type, but just in case, prevent: $nmh = new NativeMailerHandler$to, $subject, $from; $nmh-setEncoding "utf-8\r\nFrom: [email protected]"; Since the injection happened in send, there doesn't seem to be a good way to a...

0.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/12/29 1:23 p.m.10 views

Header injection in NativeMailerHandler

Hopefully attacker controlled data is never used to set the encoding or content type, but just in case, prevent: $nmh = new NativeMailerHandler$to, $subject, $from; $nmh-setEncoding "utf-8\r\nFrom: [email protected]"; Since the injection happened in send, there doesn't seem to be a good way to a...

7.2AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 2014/12/02 6:0 p.m.29 views

CVE-2014-9182

models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header...

6.6AI score0.01007EPSS
Exploits2References1
0day.today
0day.today
added 2014/11/10 12:0 a.m.26 views

Anchor CMS 0.9.2 Header Injection Vulnerability

Anchor CMS versions 0.9.2 and below suffer from a header injection vulnerability. Anchor CMS = 0.9.2 Current Version header injection in anchor/models/comment.php $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n"; $headers .= 'From:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/11/10 12:0 a.m.40 views

Anchor CMS 0.9.2 Header Injection

Anchor CMS = 0.9.2 Current Version header injection in anchor/models/comment.php $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n"; $headers .= 'From: notifications@' . $SERVER'HTTPHOST' . "\r\n"; 49: mail$to, 'comments.notifysubject', $message...

4.3CVSS0.5AI score0.01007EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2014/11/08 12:0 a.m.33 views

RHEL 5 / 6 : spacewalk-java, spacewalk-web and satellite-branding (RHSA-2014:0148)

Updated spacewalk-java, spacewalk-web, and satellite-branding packages that fix multiple security issues are now available for Red Hat Satellite 5.6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores,...

4.3CVSS5.8AI score0.0185EPSS
Exploits1References9
Debian
Debian
added 2014/09/30 8:33 p.m.77 views

[SECURITY] [DLA 68-1] fex security update

Package : fex Version : 20100208+debian1-1+squeeze4 CVE ID : CVE-2014-3875 CVE-2014-3876 CVE-2014-3877 CVE-2014-3875 When inserting encoded newline characters into a request to rup, additional HTTP headers can be injected into the reply, as well as new HTML code on the top of the website...

6.1CVSS6.1AI score0.01914EPSS
Exploits5
PyPA
PyPA
added 2014/09/30 2:55 p.m.6 views

PYSEC-2014-73

ZPublisher.HTTPRequest.scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed LF character...

6.4CVSS7.1AI score0.02479EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2014/09/30 2:55 p.m.7 views

PYSEC-2014-28

ZPublisher.HTTPRequest.scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed LF character...

6.4CVSS7.1AI score0.02479EPSS
Exploits0References6Affected Software1
RedHat Linux
RedHat Linux
added 2014/09/16 5:28 a.m.6 views

(Plone): Reflexive HTTP header injection

It was discovered that Plone, included as a part of luci, did not properly sanitize HTTP headers provided within certain URL requests. A remote attacker could use a specially crafted URL that, when processed, would cause the injected HTTP headers to be returned as a part of the Plone HTTP respons...

6.4CVSS5.8AI score0.02479EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2014/09/16 12:0 a.m.4 views

PT-2014-2313 · Plone +2 · Plone +2

Name of the Vulnerable Software and Affected Versions: Zope versions prior to 2.13.19 Plone versions prior to 4.3 beta 1 Description: The issue allows remote attackers to inject arbitrary HTTP headers via a linefeed LF character in the ZPublisher.HTTPRequest. scrubHeader function. Recommendations...

8.7CVSS6.2AI score0.02641EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2014/09/04 12:0 a.m.428 views

Apache 2.2.x < 2.2.28 Multiple Vulnerabilities

According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.28. It is, therefore, affected by the following vulnerabilities : - A flaw exists within the 'modheaders' module which allows a remote attacker to inject arbitrary headers. This is done by placing a...

6.8CVSS7.3AI score0.85744EPSS
Exploits7References8
Rows per page
Query Builder