
873 matches found

CVE
added 2005/03/28 5:0 a.m., 47 views

CVE-2002-1641

Oracle Web Cache in Oracle 9i Application Server (9iAS) has multiple buffer overflows that allow remote attackers to execute arbitrary code via unknown vectors. The connected records confirm the affected product and the root cause (buffer overflows) with remote code execution as impact, but do no...

CVSS 10 | AI score 7.8 | EPSS 0.09053
Exploits 0 | References 3 | Affected Software 1
EUVD
added 2005/03/28 5:0 a.m., 3 views

EUVD-2002-1622

Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server 9iAS allow remote attackers to execute arbitrary code via unknown vectors...

CVSS 10 | AI score 7.4 | EPSS 0.09053
Exploits 0 | References 3
Packet Storm
added 2005/03/24 12:0 a.m., 29 views

phorumSplit.txt

Positive Technologies SA-20050322 Phorum "location" HTTP Response Splitting Vulnerability. Release Date: 03/22/2005 Date Reported: 03/10/2005 Severity: Medium Application: Phorum Platform: PHP Vendor: http://www.phorum.org Affects versions: 5.0.14a Other versions may also be affected. I. BACKGROU...

AI score 7.4
Exploits 0
securityvulns
added 2005/03/22 12:0 a.m., 118 views

[ Positive Technologies #SA] Phorum "location" HTTP Response Splitting Vulnerability

Positive Technologies SA-20050322 Phorum "location" HTTP Response Splitting Vulnerability. Release Date: 03/22/2005 Date Reported: 03/10/2005 Severity: Medium Application: Phorum Platform: PHP Vendor: http://www.phorum.org Affects versions: 5.0.14a Other versions may also be affected. I. BACKGROU...

AI score 7.5
Exploits 0
OSV
added 2005/03/08 5:0 a.m., 3 views

DEBIAN-CVE-2005-0626

Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies...

CVSS 2.6 | AI score 6.5 | EPSS 0.01352
Exploits 0 | References 1
Tenable Nessus
added 2005/02/14 12:0 a.m., 37 views

GLSA-200502-04 : Squid: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200502-04 Squid: Multiple vulnerabilities Squid contains several vulnerabilities: Buffer overflow when handling WCCP recvfrom CAN-2005-0211. Loose checking of HTTP headers CAN-2005-0173 and CAN-2005-0174. Incorrect handling of LDA...

CVSS 7.5 | AI score 5.6 | EPSS 0.50775
Exploits 0 | References 5
RedHat Linux
added 2005/02/11 1:49 p.m., 3 views

security flaw

Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter...

CVSS 7.5 | AI score 6.3 | EPSS 0.22152
Exploits 0 | References 4
RedHat Linux
added 2005/02/11 1:49 p.m., 2 views

security flaw

The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service crash via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCPISEEYOU cache numbers...

CVSS 5 | AI score 5.9 | EPSS 0.68776
Exploits 1 | References 4
Cvelist
added 2005/02/08 5:0 a.m., 27 views

CVE-2005-0049

Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting XSS attack, or to spoof the web cache...

AI score 5.7 | EPSS 0.20186
Exploits 0 | References 4
Ubuntu
added 2005/01/21 4:47 a.m., 61 views

USN-67-1: Squid vulnerabilities

infamous41md discovered several Denial of Service vulnerabilities in squid. A malicious Gopher server could crash squid by sending a line bigger than 4096 bytes. CAN-2005-0094 If squid is configured to send WCPP Web Cache Communication Protocol messages to a "home router", an attacker who was abl...

CVSS 5 | AI score 5.5 | EPSS 0.68776
Exploits 2
securityvulns
added 2005/01/14 12:0 a.m., 22 views

squid web cache proxy multiple bugs

WCCPISEEYOU message WCCP Web Cache Communication Protocol DoS, gopher protocol buffer overflow...

AI score 2.8
Exploits 0 | References 1 | Affected Software 1
Tenable Nessus
added 2004/11/27 12:0 a.m., 20 views

GLSA-200411-35 : phpWebSite: HTTP response splitting vulnerability

The remote host is affected by the vulnerability described in GLSA-200411-35 phpWebSite: HTTP response splitting vulnerability Due to lack of proper input validation, phpWebSite has been found to be vulnerable to HTTP response splitting attacks. Impact : A malicious user could inject arbitrary...

CVSS 5 | AI score 5.3 | EPSS 0.01604
Exploits 1 | References 4
Gentoo Linux
added 2004/11/26 12:0 a.m., 35 views

phpWebSite: HTTP response splitting vulnerability

Background phpWebSite is a web site content management system. Description Due to lack of proper input validation, phpWebSite has been found to be vulnerable to HTTP response splitting attacks. Impact A malicious user could inject arbitrary response data, leading to content spoofing, web cache...

CVSS 5 | AI score 0.7 | EPSS 0.01604
Exploits 1
Gentoo Linux
added 2004/10/14 12:0 a.m., 38 views

WordPress: HTTP response splitting and XSS vulnerabilities

Background WordPress is a PHP and MySQL based content management and publishing system. Description Due to the lack of input validation in the administration panel scripts, WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks. Impact A malicious user could inject...

CVSS 5 | AI score 0.4 | EPSS 0.11226
Exploits 1
Gentoo Linux
added 2004/09/17 12:0 a.m., 31 views

SnipSnap: HTTP response splitting

Background SnipSnap is a user friendly content management system with features such as wiki and weblog. Description SnipSnap contains various HTTP response splitting vulnerabilities that could potentially compromise the sites data. Some of these attacks include web cache poisoning, cross-user...

CVSS 5 | AI score 1.5 | EPSS 0.02437
Exploits 1
securityvulns
added 2004/09/17 12:0 a.m., 33 views

ADVISORY: security hole (http response splitting) in snitz forums 2000

ADVISORY Author: Maestro me! Date: 16-SEP-04 Vendor: Snitz Communications www.snitz.com Product: Snitz Forums 2000 v3.4.04 Product description: from vendor website "the leading ASP forum/bbs on the internet today" Problem: Http response splitting web cache poisoning, xss, yadayadayada -...

AI score 7.1
Exploits 0
Tenable Nessus
added 2004/09/17 12:0 a.m., 15 views

GLSA-200409-23 : SnipSnap: HTTP response splitting

The remote host is affected by the vulnerability described in GLSA-200409-23 SnipSnap: HTTP response splitting SnipSnap contains various HTTP response splitting vulnerabilities that could potentially compromise the sites data. Some of these attacks include web cache poisoning, cross-user...

CVSS 5 | AI score 5.4 | EPSS 0.02437
Exploits 1 | References 3
securityvulns
added 2004/09/15 12:0 a.m., 33 views

ADVISORY: http response splitting in snipsnap

ADVISORY Author: Maestro me! Date: 14-SEP-04 Vendor: SnipSnap www.snipsnap.org Product: SnipSnap 0.5.2a Product description from vendor website: SnipSnap is a free and easy to install weblog and wiki tool written in Java. Problem: Http response splitting web cache poisoning, xss, yadayadayada -...

AI score 7.2
Exploits 0
Tenable Nessus
added 2004/08/20 12:0 a.m., 16 views

Oracle Application Server Web Cache Multiple Vulnerabilities

Binary data 1213.prm...

CVSS 10 | AI score 7.3 | EPSS 0.15501
Exploits 0 | References 2
securityvulns
added 2004/07/21 12:0 a.m., 42 views

PhpBB HTTP Response Splitting & Cross Site Scripting vulnerabilities

Security Advisory: PhpBB HTTP Respon...

AI score 6.1
Exploits 0