Crlf injection

CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349...

CVE-2014-2137

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance WSA 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002...

Crlf injection

Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by 1 the location parameter...

CVE-2011-2732

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter...

CVE-2011-4237

CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu186...

11in1 CMS 1.0.1 - 'do.php' CRLF Injection

11in1 CMS v1.0.1 do.php CRLF Injection Vulnerability Vendor: 11in1 Product web page: http://www.11in1.org Affected version: 1.0.1 Summary: Eleven in One is an open-source content management system CMS that is powered by PHP and MySQL. It does not only help you manage your personal blog but also...

Toko Lite CMS 1.5.2 - 'edit.php' HTTP Response Splitting

Toko Lite CMS 1.5.2 edit.php HTTP Response Splitting Vulnerability Vendor: Toko Product web page: http://toko-contenteditor.pageil.net Affected version: 1.5.2 Summary: Toko Web Content Editor cms is a compact, multi language, open source web editor and content management system CMS. It is advance...

Toko Lite CMS 1.5.2 HTTP Response Splitting

Toko Lite CMS 1.5.2 edit.php HTTP Response Splitting Vulnerability Vendor: Toko Product web page: http://toko-contenteditor.pageil.net Affected version: 1.5.2 Summary: Toko Web Content Editor cms is a compact, multi language, open source web editor and content management system CMS. It is advance...

ATutor 2.0.2 (lang) HTTP Response Splitting Vulnerability

Summary ATutor is an Open Source Web-based Learning Content Management System LCMS designed with accessibility and adaptability in mind. Educators can quickly assemble, package, and redistribute Web-based instructional content, easily retrieve and import prepackaged content, and conduct their...

Cross site scripting

The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting XSS attacks via unspecified vectors...

CVE-2008-0786

CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

FreeBSD : joomla -- multiple vulnerabilities (4872d9a7-4128-11dc-bdb0-0016179b2dd5)

A Secunia Advisory reports : joomla can be exploited to conduct session fixation attacks, cross-site scripting attacks or HTTP response splitting attacks. Certain unspecified input passed in comsearch, comcontent and modlogin is not properly sanitised before being returned to a user. This can be...

CVE-2005-4712

CVE-2005-4712 affects PHP Handicapper’s process_signup.php, where CRLF injection in the login parameter allows remote attackers to inject HTTP headers. The Red Hat entry repeats this description; other connected documents (e.g., PT Security) discuss a separate related issue (SQL injection) in the...

CVE-2006-0207

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the 1 session extension aka ext/session and the 2 header function...

Design/Logic Flaw

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the 1 session extension aka ext/session and the 2 header function...

CVE-2005-4579

Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container BLC P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form...

CVE-2005-4579

Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container BLC P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form...

ACROS Security: Unsanitized Session ID Cookie Allows Modifying Server Response

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2004-10-14-3 ------------------------------------------------------------------------- ASPR 2004-10-14-3: Unsanitized Session ID Cookie Allows Modifying Serv...

Apache - Arbitrary Long HTTP Headers Denial of Service

include include include include include include include include include define A 0x41 define PORT 80 struct sockaddrin hrm; int connchar ip int sockfd; hrm.sinfamily = AFINET; hrm.sinport = htonsPORT; hrm.sinaddr.saddr = inetaddrip; bzero&hrm.sinzero,8; sockfd=socketAFINET,SOCKSTREAM,0;...