2447 matches found
CVE-2005-2060
Multiple HTTP Response Splitting vulnerabilities in 1 toggleshow.php, 2 togglecats.php, and 3 showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the Cat parameter...
M4DR007-07SA.txt
M4DR007-07SA security advisory: Multiple vulnerabilities in ASP Nuke 0.80 Published: 26 16 2005 Released: 26 16 2005 Name: ASP Nuke Affected Systems: req " SIZE="22" MAXLENGTH="80" class="form" ... ? As we can see there isn't any control on the 'email' parameter when the board get it's value. Sin...
CVE-2005-2060
Multiple HTTP Response Splitting vulnerabilities in 1 toggleshow.php, 2 togglecats.php, and 3 showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the Cat parameter...
CVE-2005-2065
Affected product: ASP Nuke 0.80 (language_select.asp). Vulnerability: HTTP response splitting via CRLF ("%0d%0a") in the LangCode parameter. Impact (as stated): remote attackers can spoof web content and poison web caches. Root cause: unsafely untrusted LangCode parameter allowing CRLF sequences....
CVE-2005-2060
Infopop UBB.Threads (before 6.5.2 Beta) is affected by HTTP Response Splitting in three scripts (toggleshow.php, togglecats.php, showprofile.php) via CRLF sequences in the Cat parameter. Root cause: insufficient input validation leads to remote spoofing of content and potential web-cache poisonin...
M4DR007-07SA (security advisory): Multiple vulnerabilities in ASP Nuke 0.80
M4DR007-07SA security advisory: Multiple vulnerabilities in ASP Nuke 0.80 Published: 26 16 2005 Released: 26 16 2005 Name: ASP Nuke Affected Systems: = 0.80 Issue: Cross-Site Scripting, HTTP Response Splitting, SQL Injection Author: Alberto Trivero Vendor: http://www.aspnuke.com/ Software...
ASPNuke 0.80 - Language_Select.asp HTTP Response Splitting
ASPNuke 0.80 - LanguageSelect.asp HTTP Response Splitting source: https://www.securityfocus.com/bid/14063/info ASPNuke is prone to an HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit th...
ASPNuke 0.80 - 'Language_Select.asp' HTTP Response Splitting
source: https://www.securityfocus.com/bid/14063/info ASPNuke is prone to an HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how Web...
ubb652.txt
GulfTech Security Research June 23rd, 2005 Vendor : Infopop Corporation URL : http://www.ubbcentral.com/ubbthreads/ Version : All Versions Prior To 6.5.2 Beta Risk : Multiple Vulnerabilities Description: UBB Threads is a very popular forum system developed by Infopop. There are a number of...
osCommerce application_top.php Multiple Parameter HTTP Response Splitting
The version of osCommerce on the remote host suffers from multiple HTTP response splitting vulnerabilities due to its failure to sanitize user-supplied input to various parameters of the 'includes/applicationtop.php' script, the 'goto' parameter of the 'banner.php' script, and possibly others. An...
osCommerce 2.1/2.2 - Multiple HTTP Response Splitting Vulnerabilities
source: https://www.securityfocus.com/bid/13979/info osCommerce is prone to multiple HTTP response splitting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit any of these vulnerabilities to influence or...
CVE-2005-1951
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF "%0d%0a" sequences in the 1 productsid or 2 pid parameter to index.php or 3 goto parameter to banner.php...
CVE-2005-1951
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF "%0d%0a" sequences in the 1 productsid or 2 pid parameter to index.php or 3 goto parameter to banner.php...
CVE-2005-1951
osCommerce 2.2 Milestone 2 and earlier are affected by CVE-2005-1951 due to HTTP Response Splitting in multiple parameters (products_id, pid in index.php and goto in banner.php). The vulnerability arises from hex-encoded CRLF sequences, enabling remote attackers to spoof content and potentially p...
osCommere HTTP Response Splitting
GulfTech Security Research June 10th, 2005 Vendor : osCommerce URL : http://www.oscommerce.com/ Version : osCommerce 2.2 Milestone 2 && Earlier Risk : HTTP Response Splitting Description: osCommerce is a very popular eCommerce application that allows for individuals to host their own online shop...
Fedora Core 3 : squid-2.5.STABLE9-1.FC3.6 (2005-373)
Mon May 16 2005 Jay Fenlason 7:2.5.STABLE9-1.FC3.6 - More upstream patches, including ones for bz157456 CVE-2005-1519 DNS lookups unreliable on untrusted networks bz156162 CVE-1999-0710 cachemgr.cgi access control bypass - The following bugs had already been fixed, but the announcements were lost...
CVE-2004-2054
CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via 1 the mode parameter to privmsg.php or 2 the redirect parameter to login.php...
CVE-2004-2054
The CVE-2004-2054 issue affects phpBB versions 2.0.4 and 2.0.9, where a CRLF injection enables HTTP Response Splitting to alter server HTML content via the mode parameter in privmsg.php or the redirect parameter in login.php. OpenVAS notes additional context for phpBB
CVE-2005-1405
HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications...
CVE-2005-1405
CVE-2005-1405 affects Lotus Domino 6.5.x (before 6.5.4) and 6.0.x (before 6.0.5). The vulnerability is an HTTP response splitting flaw in the @SetHTTPHeader function, enabling attackers to poison the web cache through malicious applications. The provided sources describe the issue and affected ve...