Lucene search
K

80 matches found

Hacker One
Hacker One
added 2015/03/15 7:49 a.m.129 views

X (Formerly Twitter): HTTP Response Splitting (CRLF injection) in report_story

Hi, I would like to report a HTTP Response Splitting vulnerability in https://twitter.com/i/safety/reportstory that allows attackers to inject arbitrary headers and contents in the response. PoC:...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2014/11/10 12:0 a.m.40 views

Anchor CMS 0.9.2 Header Injection

Anchor CMS = 0.9.2 Current Version header injection in anchor/models/comment.php $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n"; $headers .= 'From: notifications@' . $SERVER'HTTPHOST' . "\r\n"; 49: mail$to, 'comments.notifysubject', $message...

4.3CVSS0.5AI score0.01007EPSS
Exploits2
OSV
OSV
added 2013/06/26 6:11 p.m.11 views

MGASA-2013-0183 Updated perl-Dancer package fixes CVE-2012-5572

A security flaw was found in the way Dancer.pm, lightweight yet powerful web application framework / Perl language module, performed sanitization of values to be used for cookie and cookies methods. A remote attacker could use this flaw to inject arbitrary headers into responses from Perl...

5CVSS6.4AI score0.01497EPSS
Exploits0References3
Mageia
Mageia
added 2013/06/26 6:11 p.m.46 views

Updated perl-Dancer package fixes CVE-2012-5572

A security flaw was found in the way Dancer.pm, lightweight yet powerful web application framework / Perl language module, performed sanitization of values to be used for cookie and cookies methods. A remote attacker could use this flaw to inject arbitrary headers into responses from Perl...

5CVSS4.3AI score0.01497EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/12/18 12:0 a.m.28 views

Mandriva Update for perl-CGI MDVSA-2012:180 (perl-CGI)

Check for the Version of perl-CGI OpenVAS Vulnerability Test Mandriva Update for perl-CGI MDVSA-2012:180 perl-CGI Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

5CVSS9.6AI score0.03261EPSS
Exploits0References2
Prion
Prion
added 2012/11/21 11:55 p.m.22 views

Design/Logic Flaw

CGI.pm module before 3.63 for Perl does not properly escape newlines in 1 Set-Cookie or 2 P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm...

5CVSS6.8AI score0.03261EPSS
Exploits0References14Affected Software1
OpenVAS
OpenVAS
added 2012/09/22 12:0 a.m.55 views

Ubuntu: Security Advisory (USN-1569-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.8AI score0.11178EPSS
Exploits3References2
RedHat Linux
RedHat Linux
added 2011/06/16 7:13 p.m.5 views

OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

5.1CVSS5.8AI score0.03102EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/12/15 11:41 p.m.7 views

OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

5.1CVSS5.8AI score0.03102EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/11/10 7:0 p.m.4 views

OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

5.1CVSS5.8AI score0.03102EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/11/10 7:0 p.m.5 views

OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

5.1CVSS5.8AI score0.03102EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/10/27 11:3 p.m.5 views

OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

5.1CVSS5.8AI score0.03102EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/10/27 11:3 p.m.6 views

OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU...

5.1CVSS5.8AI score0.10557EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/10/14 1:31 p.m.8 views

OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU...

5.1CVSS5.8AI score0.10557EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/10/13 4:22 p.m.3 views

OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

5.1CVSS5.8AI score0.03102EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/04/17 5:13 a.m.3 views

Fujitsu Jasmine HTTP Response Splitting Vulnerability When Executing WebLink Template

Overview A vulnerability exists in Fujitsu Jasmine where HTTP response splitting may be conducted when the WebLink template is executed. Impact An attacker could insert arbitrary HTTP headers and launch HTTP response splitting attacks. Solution Please refer to the 'Vendor Information' section for...

6.8CVSS6.8AI score0.01868EPSS
Exploits0References8
Prion
Prion
added 2007/03/27 9:19 p.m.22 views

Crlf injection

CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, and BASP21 Pro 1.0.702.27 and earlier, allows remote attackers to inject arbitrary headers into e-mail messages via CRLF sequences in Subject lines...

6.4CVSS7.5AI score0.01449EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2007/03/27 9:0 p.m.22 views

CVE-2007-1713

CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, and BASP21 Pro 1.0.702.27 and earlier, allows remote attackers to inject arbitrary headers into e-mail messages via CRLF sequences in Subject lines...

6.9AI score0.01449EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2006/08/10 8:55 p.m.4 views

httpd: Expect header XSS

httpprotocol.c in 1 IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and 2 Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...

4.3CVSS7.1AI score0.94281EPSS
Exploits7References4
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.23 views

sendmail-8.9.1.txt

Date: Thu, 9 Jul 1998 19:31:52 +0200 From: Michal Zalewski Subject: Sendmail up to 8.9.1 - mail.local instroduces new class of bugs Local, setuid mail delivery program included in recent packages - mail.local - introduces new class of local bugs, from DoS attacks to security compromises. For...

7.4AI score
Exploits0
Rows per page
Query Builder