2 matches found
HTTP Response Splitting vulnerability
PMASA-2007-1 Announcement-ID: PMASA-2007-1 Date: 2007-01-16 Summary HTTP Response Splitting vulnerability Description On systems running PHP 5 before 5.1.2 or PHP 4 before 4.4.2, it is possible to trigger this vulnerability by editing the cookie containing PHP's session id. This can be used to se...
Path disclosure vulnerability
PMASA-2006-8 Announcement-ID: PMASA-2006-8 Date: 2006-11-17 Summary Path disclosure vulnerability Description We received a security advisory from laurent gaffiƩ and we wish to thank him for his work. It was possible to disclose path by passing an array to several parameters. Severity We consider...