Lucene search

2483 matches found

Prion
added 2007/07/11 5:30 p.m. · 12 views

Crlf injection

CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter...

CVSS 7.5 · AI score 7.5 · EPSS 0.01402
Exploits 0 · References 5 · Affected Software 1
Tenable Nessus
added 2007/06/29 12:0 a.m. · 52 views

Trend Micro OfficeScan Server CGI Modules Multiple Vulnerabilities

The remote host appears to be running Trend Micro OfficeScan Server or Client Server Messaging Security for SMB. The version of OfficeScan Server or Client Server Messaging Security for SMB installed on the remote host reportedly contains a buffer overflow issue that could allow a remote attacker...

CVSS 10 · AI score 6.5 · EPSS 0.05531
Exploits 4 · References 14
Prion
added 2007/06/27 6:30 p.m. · 14 views

Design/Logic Flaw

Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution...

CVSS 4 · AI score 7 · EPSS 0.01367
Exploits 0 · References 9 · Affected Software 3
NVD
added 2007/06/27 6:30 p.m. · 13 views

CVE-2007-3256

Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution...

CVSS 4 · AI score 6.5 · EPSS 0.01367
Exploits 0 · References 9
Cvelist
added 2007/06/27 6:0 p.m. · 18 views

CVE-2007-3256

Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution...

AI score 6.5 · EPSS 0.01367
Exploits 0 · References 9
Prion
added 2007/06/25 7:30 p.m. · 26 views

Crlf injection

CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function...

CVSS 4.3 · AI score 5.9 · EPSS 0.0706
Exploits 1 · References 15 · Affected Software 2
NVD
added 2007/06/25 7:30 p.m. · 28 views

CVE-2007-2401

CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function...

CVSS 4.3 · AI score 5.7 · EPSS 0.0706
Exploits 1 · References 15
CVE
added 2007/06/25 7:0 p.m. · 62 views

CVE-2007-2401

The CVE-2007-2401 entry concerns a CRLF injection in Apple’s WebCore XMLHttpRequest handling. Vulnerable: WebCore in Mac OS X 10.3.9, 10.4.9 and later, and iPhone prior to 1.0.1. Nature: remote attacker can inject arbitrary HTTP headers by sending LF characters in an XMLHttpRequest and exploiting...

CVSS 4.3 · AI score 5.6 · EPSS 0.0706
Exploits 1 · References 15 · Affected Software 2
Cvelist
added 2007/06/25 7:0 p.m. · 31 views

CVE-2007-2401

CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function...

AI score 5.7 · EPSS 0.0706
Exploits 1 · References 15
Positive Technologies
added 2007/06/25 12:0 a.m. · 2 views

PT-2007-3734 · Apple · Iphone +1

Name of the Vulnerable Software and Affected Versions: Apple Mac OS X versions 10.3.9 through 10.4.9 and later iPhone version before 1.0.1 Description: The issue allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request. This is possible because the L...

CVSS 4.3 · AI score 5.5 · EPSS 0.0706
Exploits 1 · References 17
CERT
added 2007/06/13 12:0 a.m. · 33 views

Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP header

Overview: Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP headers, which may cause information disclosure. Description: The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets HTTP headers. The "MHTML"...

CVSS 4.3 · AI score 5.6 · EPSS 0.2504
Exploits 1 · References 2
Prion
added 2007/06/12 8:30 p.m. · 18 views

Information disclosure

A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain...

CVSS 4.3 · AI score 6.3 · EPSS 0.2504
Exploits 1 · References 14 · Affected Software 1
myhack58
added 2007/06/09 12:0 a.m. · 16 views

The evil space-PHP local file inclusion vulnerability new breakthrough-vulnerability warning-the black bar safety net

PS: the article says the wrong bird, and afterwards Kenshin reminded me only to find out that have scammed people suspected, Connection the HTTP headers and can write space regardless of!! Remember Zizzy wrote an article The about php contains the Apache log of the Capriccio, which is a good idea...

AI score 7.2
Exploits 0
NVD
added 2007/06/07 9:30 p.m. · 14 views

CVE-2007-3117

Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTTP headers...

CVSS 4.3 · AI score 5.6 · EPSS 0.01223
Exploits 0 · References 6
Prion
added 2007/06/07 9:30 p.m. · 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTTP headers...

CVSS 4.3 · AI score 6.1 · EPSS 0.01223
Exploits 0 · References 6 · Affected Software 1
CVE
added 2007/06/07 9:0 p.m. · 45 views

CVE-2007-3117

CVE-2007-3117 affects ADPLAN Version 3 (SEO module) by a cross-site scripting vulnerability that allows an attacker to inject arbitrary script or HTML via HTTP header handling, potentially causing script execution in a user’s browser when visiting a site using ADPLAN’s service. The issue is tied ...

CVSS 4.3 · AI score 5.6 · EPSS 0.01223
Exploits 0 · References 6 · Affected Software 1
Cvelist
added 2007/06/07 9:0 p.m. · 18 views

CVE-2007-3117

Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTTP headers...

AI score 5.6 · EPSS 0.01223
Exploits 0 · References 6
NVD
added 2007/06/04 11:30 p.m. · 23 views

CVE-2007-1862

The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information...

CVSS 5 · AI score 6.2 · EPSS 0.05141
Exploits 0 · References 30
Prion
added 2007/06/04 11:30 p.m. · 17 views

Information disclosure

The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information...

CVSS 5 · AI score 6.3 · EPSS 0.05141
Exploits 0 · References 30 · Affected Software 1
Cvelist
added 2007/06/04 11:0 p.m. · 30 views

CVE-2007-1862

The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information...

AI score 6.1 · EPSS 0.05141
Exploits 0 · References 30