343 matches found
CVE-2006-6276
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting XSS, and poison web...
CVE-2006-6276
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting XSS, and poison web...
MS06-029: Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)
The remote host is running a version of the Outlook Web Access that contains cross-site scripting flaws. This vulnerability could allow an attacker to convince a user to run a malicious script. If this malicious script is run, it would execute in the security context of the user. Attempts to...
CVE-2006-1829
EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving 1 connection caches, 2 open password prompts, and 3 stored custom connection profiles...
Crlf injection
CRLF injection vulnerability in inc/function.php in MyBulletinBoard MyBB 1.04 allows remote attackers to conduct cross-site scripting XSS, poison caches, or hijack pages via CRLF %0A%0D sequences in the Referrer HTTP header field, possibly when redirecting to other web pages...
CVE-2005-3751
HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers...
CVE-2005-3751
HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers...
CVE-2005-3348
HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter...
CVE-2005-3348
HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter...
CVE-2005-3348
CVE-2005-3348 is a HTTP Response Splitting vulnerability in phpSysInfo (2.4 and earlier) used by phpGroupWare (0.9.16 and earlier) and eGroupWare (before 1.0.0.009). Exploitation via CRLF sequences in the charset parameter can cause web content spoofing and cache poisoning. OpenVAS entries (and D...
Vulnerability in Exchange Server 5.5 Outlook Web Access XSS (842436)
The remote host is running a version of the Outlook Web Access which contains cross site scripting flaws. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
CVE-2004-2512
CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the PHPSESSID parameter...
Fedora Core 4 : kernel-2.6.12-1.1387_FC4 (2005-510)
Wed Jun 29 2005 Dave Jones - 2.6.12.2 - Mon Jun 27 2005 Dave Jones - Disable multipath caches. 161168 - Reenable AMD756 I2C driver for x86-64. 159609 - Add more IBM r40e BIOS's to the C2/C3 blacklist. - Thu Jun 23 2005 Dave Jones - Make orinoco driver suck less. Scanning/roaming/ethtool support...
CVE-2005-2060
Multiple HTTP Response Splitting vulnerabilities in 1 toggleshow.php, 2 togglecats.php, and 3 showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the Cat parameter...
CVE-2005-2060
Multiple HTTP Response Splitting vulnerabilities in 1 toggleshow.php, 2 togglecats.php, and 3 showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the Cat parameter...
CVE-2005-1951
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF "%0d%0a" sequences in the 1 productsid or 2 pid parameter to index.php or 3 goto parameter to banner.php...
CVE-2005-1951
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF "%0d%0a" sequences in the 1 productsid or 2 pid parameter to index.php or 3 goto parameter to banner.php...
CVE-2005-1951
osCommerce 2.2 Milestone 2 and earlier are affected by CVE-2005-1951 due to HTTP Response Splitting in multiple parameters (products_id, pid in index.php and goto in banner.php). The vulnerability arises from hex-encoded CRLF sequences, enabling remote attackers to spoof content and potentially p...
MS05-029: Vulnerability in Exchange Server 5.5 Outlook Web Access XSS (895179)
The remote host is running a version of the Outlook Web Access that is affected by a cross-site scripting flaw. This vulnerability could allow an attacker to convince a user to run a malicious script. If this malicious script is run, it would execute in the security context of the user. Attempts ...
kernel -- information disclosure when using HTT
Problem description and impact When running on processors supporting Hyper-Threading Technology, it is possible for a malicious thread to monitor the execution of another thread. Information may be disclosed to local users, allowing in many cases for privilege escalation. For example, on a...