MangosWeb SQL Injection Vulnerability

No description provided by source. EXPLOIT TITLE: MangosWeb SQL Vulnerability DATE: 1/7/2012 BY Hood3dRob1n AFFECTED PRODUCTS: MangosWeb Enhanced Version 3.0.3 SW LINK: http://code.google.com/p/mwenhanced/ CATEGORY: WebApp 0day DORK: intext:MangosWeb ENhanced Version 3.0.3 @2009-2011, KeysWow Dev...

Microsoft Internet Explorer 5.0.1/6.0 Content-Disposition Handling File Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4752/info An issue exists in the way Microsoft Internet Explorer handles conflicting information in some HTTP headers used to describe non-HTML content. A malicious web server may provide content with misleading values in...

PHP <= 4.4.4 unserialize() ZVAL Reference Counter Overflow Exploit PoC

No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...

Image Store Remote file Upload Vulnerability

No description provided by source. ============================================= =================================== ============================================= ====== Image Store Remote file Upload Vulnerability ============================================= ===================================...

Icecast (<= 2.0.1) Header Overwrite (win32)

No description provided by source. $Id: icecastheader.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...

Lynx 2.8.x Command Line URL CRLF Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5499/info A CRLF injection vulnerability has been reported for Lynx that may allow an attacker to include extra HTTP headers when viewing web pages. If Lynx is called from the command line, carriage return and line feed...

CVE-2014-3012

Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs...

CVE-2014-3012

Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs...

CVE-2014-3012

CVE-2014-3012 affects IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4. The vulnerability is a CRLF injection allowing remote authenticated users to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified parameters to custom JSPs. Root cause is improper handl...

CVE-2012-5057

CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter...

Crlf injection

CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter...

CVE-2012-5057

CVE-2012-5057 describes a CRLF injection vulnerability in ownCloud Server

Crlf injection

CRLF injection vulnerability in the cookie method lib/Dancer/Cookie.pm in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526...

CVE-2012-5572

CRLF injection vulnerability in the cookie method lib/Dancer/Cookie.pm in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526...

iTunes security vulnerabilities

Invalid HTTP headers processing, weak permissions...

CVE-2012-3333

CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL...

Crlf injection

CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL...

Khan Academy: CRLF Injection

Is it possible for a remote attacker to inject custom HTTP headers. For example, an attacker can inject session cookies or HTML code. This may conduct to vulnerabilities like XSS cross-site scripting or session fixation. PoC...

PHP-Nuke 8.3 News SQL Injection

title : phpnuke 8.3 sql injection vulnerability Exploit Title: phpnuke 8.3 submit news module sql injection vulnerability Google Dork: inurl:modules.php?name=SubmitNews Date: 5/24/2014 Exploit Author: ali ahmady -- Iranian Researcher snip3rirathotmail.com Vendor Homepage: phpnuke.org Software Lin...

CVE-2014-1418

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the 1 Vary: Cookie or 2 Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers...