7 matches found
CVE-2018-16979
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943...
Design/Logic Flaw
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943...
CVE-2018-16979
CVE-2018-16979 affects Monstra CMS 3.0.4. The Nuclei template and related descriptions confirm an HTTP header injection vulnerability in plugins/captcha/crypt/cryptographp.php cfg parameter, allowing an attacker to craft input that can redirect users to attacker-controlled domains, enable cache p...
CVE-2018-16979
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943...
Monstra <= 3.0.1 HTTP Response Splitting
Monstra versions 3.0.1 and below suffer from an HTTP response splitting vulnerability. Monstra = 3.0.1 HTTP Response Splitting /plugins/captcha/crypt/cryptographp.php SetCookie"cryptcookietest", "1"; Header"Location: cryptographp.inc.php?cfg=".$GET'cfg'."&sn=".sessionname."&".SID; so providing...
Monstra 3.0.1 HTTP Response Splitting
Monstra 5.1.2...
GuppY跨站脚本和跨站请求伪造漏洞
Bugtraq ID:66318 Guppy是一款来自法国的CMS系统。 Guppy存在跨站脚本和跨站请求伪造漏洞,允许攻击者利用漏洞获取敏感信息或劫持用户会话,或以目标用户上下文进行操作。 0 GuppY 4.6.26 目前没有详细解决方案提供: http://freeguppy.org http://server/guppy/plugins/cryptographp/cryptographp.php?cfg=CRLFInjection...