EUVD-2018-8035

Malware in sbrugna...

CVE-2018-16181

HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors...

CVE-2018-16181

Summary: CVE-2018-16181 is an HTTP header injection vulnerability in Digital Arts i-FILTER (Ver. 9.50R05 and earlier) that can enable remote attackers to inject headers and trigger HTTP response splitting, potentially causing arbitrary script execution or cookie manipulation. Affected software: i...

CVE-2018-19437

UCMS 1.4.7 allows remote authenticated users to change the administrator password because $COOKIE'admin'.cookiehash is used for arbitrary cookie values that are set and not empty...

[SECURITY] [DLA 1375-1] wget security update

Package : wget Version : 1.13.4-3+deb7u6 CVE ID : CVE-2018-0494 Debian Bug : 898076 Harry Sintonen have discovered a cookie injection vulnerability in wget caused by insufficient input validation, enabling an external attacker to inject arbitrary cookie values cookie jar file, adding new or...

JVN#45928828: H2O vulnerable to HTTP header injection

H2O is an open source web server software. H2O contains an HTTP header injection vulnerability. Impact An HTTP response splitting attack may result in arbitrary cookie values. Solution Update the Software Update to the latest version according to the information provided by the developer. Product...