Lucene search
K

546 matches found

CNVD
CNVD
added 2016/04/06 12:0 a.m.4 views

CA API Gateway CRLF Injection Vulnerability

CA API Gateway formerly known as Layer7 API Gateway is a gateway product from CA USA for partners, developers, mobile, cloud and mobile mainframe access to data and services. CA API Gateway suffers from a CRLF injection vulnerability. A remote attacker could exploit this vulnerability to conduct ...

6.5CVSS7.2AI score0.01229EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/11/26 12:0 a.m.4 views

The vulnerability of WebSphere Application Server’s application servers allows attackers to inject arbitrary HTTP headers.

The vulnerability of WebSphere Application Server applications stems from a lack of handling of CRLF sequences in HTTP headers. Exploiting this vulnerability allows an attacker to inject arbitrary HTTP headers using a specially crafted URL...

4.3CVSS6.5AI score0.01876EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2015/10/30 10:13 a.m.22 views

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

7.8CVSS7.2AI score0.02092EPSS
Exploits1References2
CNVD
CNVD
added 2015/06/01 12:0 a.m.5 views

Cisco Headend System Release Digital Broadband Delivery System CRLF Injection Vulnerability

The Cisco Headend System Release Digital Broadband Delivery System is a digital broadband delivery system. The system provides content protection, video-on-demand, and dbd backup and recovery. A CRLF injection vulnerability in the HTTP Header handler in the Digital Broadband Delivery System for...

4.3CVSS7.4AI score0.01559EPSS
Exploits0References1
OSV
OSV
added 2015/01/27 8:3 p.m.5 views

DEBIAN-CVE-2014-9650

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions...

5CVSS7.6AI score0.02622EPSS
Exploits0References1
curl security advisories
curl security advisories
added 2015/01/08 8:0 a.m.52 views

URL request injection

When libcurl sends a request to a server via an HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those are sent along to the proxy too, which allows the program to for example send a separate HTTP request injected...

4.3CVSS7.4AI score0.0681EPSS
Exploits0Affected Software2
PyPA
PyPA
added 2014/09/30 2:55 p.m.6 views

PYSEC-2014-73

ZPublisher.HTTPRequest.scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed LF character...

6.4CVSS7.1AI score0.02479EPSS
Exploits0References6Affected Software1
securityvulns
securityvulns
added 2014/06/02 12:0 a.m.1577 views

JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001]

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: JavaMail Vendor: Oracle CSNC ID: CSNC-2014-001 CVD ID: none Subject: SMTP Header Injection via method setSubject Risk: Medium Effect: Remotely exploitable Author: Alexandre Herzog [email protected] Date:...

7.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2014/02/10 5:29 p.m.5 views

Satellite/Spacewalk: header injection flaw

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network RHN Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting XSS attacks, via the returnurl parameter...

4.3CVSS5.8AI score0.0185EPSS
Exploits0References4
NVD
NVD
added 2013/05/23 3:55 p.m.17 views

CVE-2012-6553

Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote attackers to execute arbitrary code via a Portable Executable PE file with a resource section containing a string that has many tab or line feed characters...

9.3CVSS8.1AI score0.0547EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2012/03/22 12:0 a.m.38 views

Ubuntu 11.10 : thunderbird vulnerabilities (USN-1400-3)

USN-1400-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting XSS, exploit this to...

9.3CVSS8.6AI score0.0663EPSS
Exploits1References11
Ubuntu
Ubuntu
added 2012/03/21 10:47 p.m.80 views

USN-1400-3: Thunderbird vulnerabilities

USN-1400-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Original advisory details: Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site...

9.3CVSS8.8AI score0.0663EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2011/06/21 10:39 p.m.6 views

Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)

CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing...

4.3CVSS7.4AI score0.01034EPSS
Exploits0References4
OSV
OSV
added 2008/09/04 5:41 p.m.2 views

DEBIAN-CVE-2008-3906

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string...

4.3CVSS7.5AI score0.07102EPSS
Exploits1References1
OSV
OSV
added 2008/01/25 1:0 a.m.1 views

DEBIAN-CVE-2008-0456

CRLF injection vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP respons...

2.6CVSS7.2AI score0.19036EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2007/05/10 12:8 p.m.6 views

php CRLF injection

CRLF injection vulnerability in the ftpputcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands...

2.6CVSS6AI score0.02066EPSS
Exploits0References4
OSV
OSV
added 2007/04/13 6:19 p.m.9 views

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

6.7AI score
Exploits0References13
Prion
Prion
added 2007/04/13 6:19 p.m.14 views

Code injection

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

7.8CVSS8.8AI score0.02092EPSS
Exploits1References13Affected Software1
UbuntuCve
UbuntuCve
added 2007/04/13 6:19 p.m.25 views

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

7.8CVSS6AI score0.02092EPSS
Exploits1References1
Cvelist
Cvelist
added 2007/04/13 6:0 p.m.32 views

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

9AI score0.02092EPSS
Exploits1References13
Rows per page
Query Builder