19 matches found
Monstra CMS 3.0.4 - HTTP Header Injection
Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to...
EUVD-2012-2922
Malware in sbrugna...
EUVD-2008-0215
Malware in sbrugna...
CVE-2018-16979
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943...
CVE-2012-2943
CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the cfg parameter...
CRLF injection
CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the cfg parameter...
CVE-2012-2943
CVE-2012-2943 describes a CRLF injection in Cryptographp’s cryptographp.inc.php, exploitable via the cfg parameter to inject arbitrary HTTP headers and enable HTTP response splitting. Connected documents tie this to Monstra CMS 3.0.4 as a related issue (through CVE-2018-16979), but explicit fixes...
Cryptographp Local File Inclusion / HTTP Response Splitting
Exploit for PHP platform in category web applications. During a security assessment, I’ve found that my target was using Cryptographp which is a PHP script used to generate « captchas ». It was easily noticeable when I’ve found the following URL: http://WWWW/cryptographp.inc.php?cfg=XX&sn=YYYY&ZZ...
Cryptographp Local File Inclusion / HTTP Response Splitting
During a security assessment, I've found that my target was using Cryptographp which is a PHP script used to generate « captchas ». It was easily noticeable when I've found the following URL: http://WWWW/cryptographp.inc.php?cfg=XX&sn=YYYY&ZZZZ So I've decided to take a look at the source code a...
Cryptographp 'index.php' Local File Include Vulnerability
Cryptographp is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) chare...
CVE-2008-0203
Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) chare...
CVE-2008-0203
CVE-2008-0203 refers to multiple XSS vulnerabilities in cryptographp/admin.php of the WordPress Cryptographp plugin (versions 1.2 and earlier). The flaws allow remote attackers to inject arbitrary script/HTML via a long list of parameters (e.g., cryptwidth, cryptheight, bgimg, charR, charG, charB...
CVE-2008-0203
Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) chare...
WordPress Cryptographp Plugin <= 1.2 - Multiple XSS
Because of these vulnerabilities in cryptographp/admin.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Cryptographp: XSS...
MoBiC-28 Bonus: XSS in Cryptographp
Hello 3APA3A! I am reporting Cross-Site Scripting vulnerabilities that I found in the Cryptographp captcha. It is a captcha plugin for WordPress. There are 24 XSS vulnerabilities in total on the plugin options page http://site/wp-admin/options-general.php?page=cryptographp/admin.php. Moreover, these are persistent XSS vulnerabilities. XS...
Vulnerability in Cryptographp
Hello 3APA3A! I am reporting an Insufficient Anti-automation vulnerability that I found in the Cryptographp captcha. It is a captcha plugin for WordPress. This captcha is vulnerable to the session reusing with constant captcha bypass method. Insufficient Anti-automation: Exploit:...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Cryptographp: CAPTCHA protection bypass...