546 matches found
CA API Gateway CRLF Injection Vulnerability
CA API Gateway formerly known as Layer7 API Gateway is a gateway product from CA USA for partners, developers, mobile, cloud and mobile mainframe access to data and services. CA API Gateway suffers from a CRLF injection vulnerability. A remote attacker could exploit this vulnerability to conduct ...
The vulnerability of WebSphere Application Server’s application servers allows attackers to inject arbitrary HTTP headers.
The vulnerability of WebSphere Application Server applications stems from a lack of handling of CRLF sequences in HTTP headers. Exploiting this vulnerability allows an attacker to inject arbitrary HTTP headers using a specially crafted URL...
CVE-2007-2026
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...
Cisco Headend System Release Digital Broadband Delivery System CRLF Injection Vulnerability
The Cisco Headend System Release Digital Broadband Delivery System is a digital broadband delivery system. The system provides content protection, video-on-demand, and dbd backup and recovery. A CRLF injection vulnerability in the HTTP Header handler in the Digital Broadband Delivery System for...
DEBIAN-CVE-2014-9650
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions...
URL request injection
When libcurl sends a request to a server via an HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those are sent along to the proxy too, which allows the program to for example send a separate HTTP request injected...
PYSEC-2014-73
ZPublisher.HTTPRequest.scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed LF character...
JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001]
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: JavaMail Vendor: Oracle CSNC ID: CSNC-2014-001 CVD ID: none Subject: SMTP Header Injection via method setSubject Risk: Medium Effect: Remotely exploitable Author: Alexandre Herzog [email protected] Date:...
Satellite/Spacewalk: header injection flaw
CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network RHN Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting XSS attacks, via the returnurl parameter...
CVE-2012-6553
Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote attackers to execute arbitrary code via a Portable Executable PE file with a resource section containing a string that has many tab or line feed characters...
Ubuntu 11.10 : thunderbird vulnerabilities (USN-1400-3)
USN-1400-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting XSS, exploit this to...
USN-1400-3: Thunderbird vulnerabilities
USN-1400-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Original advisory details: Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site...
Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing...
DEBIAN-CVE-2008-3906
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string...
DEBIAN-CVE-2008-0456
CRLF injection vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP respons...
php CRLF injection
CRLF injection vulnerability in the ftpputcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands...
CVE-2007-2026
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...
Code injection
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...
CVE-2007-2026
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...
CVE-2007-2026
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...