Lucene search
+L

2446 matches found

nvd
nvd
added 2004/12/31 5:0 a.m.19 views

CVE-2004-2512

CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the PHPSESSID parameter...

4.3CVSS6.9AI score0.04592EPSS
Exploits1References6
nessus
nessus
added 2004/12/28 12:0 a.m.11 views

ViewCVS < 1.0.0 HTTP Response Splitting

Binary data 2478.prm...

7.6CVSS7.3AI score0.02085EPSS
Exploits2References5
nessus
nessus
added 2004/12/28 12:0 a.m.31 views

ViewCVS < 1.0.0 Multiple Vulnerabilities

The remote host is running ViewCVS, a tool to browse CVS repositories over the web written in python. Flaws in the remote version of this website may allow an attacker to launch cross-site scripting and/or HTTP response-splitting attacks against the remote install. %NASLMINLEVEL 70300 C Tenable...

7.6CVSS5.1AI score0.02085EPSS
Exploits2References4
nessus
nessus
added 2004/11/27 12:0 a.m.20 views

GLSA-200411-35 : phpWebSite: HTTP response splitting vulnerability

The remote host is affected by the vulnerability described in GLSA-200411-35 phpWebSite: HTTP response splitting vulnerability Due to lack of proper input validation, phpWebSite has been found to be vulnerable to HTTP response splitting attacks. Impact : A malicious user could inject arbitrary...

5CVSS5.3AI score0.01604EPSS
Exploits1References4
gentoo
gentoo
added 2004/11/26 12:0 a.m.37 views

phpWebSite: HTTP response splitting vulnerability

Background phpWebSite is a web site content management system. Description Due to lack of proper input validation, phpWebSite has been found to be vulnerable to HTTP response splitting attacks. Impact A malicious user could inject arbitrary response data, leading to content spoofing, web cache...

5CVSS0.7AI score0.01604EPSS
Exploits1
securityvulns
securityvulns
added 2004/11/13 12:0 a.m.32 views

security hole &#40;http response splitting&#41; in phpwebsite

ADVISORY Author: Maestro me! Date: 11-NOV-04 Vendor: Appalachian State University http://phpwebsite.appstate.edu/ Product: phpWebSite 0.9.3-4 Product description from vendor website: phpWebSite provides a complete web site content management system. Web-based administration allows for easy...

7.1AI score
Exploits0
packetstorm
packetstorm
added 2004/11/12 12:0 a.m.37 views

phpwebsite.txt

ADVISORY Author: Maestro me! Date: 11-NOV-04 Vendor: Appalachian State University http://phpwebsite.appstate.edu/ Product: phpWebSite 0.9.3-4 Product description from vendor website: phpWebSite provides a complete web site content management system. Web-based administration allows for easy...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2004/11/10 12:0 a.m.15 views

webcalendar 0.9.x - Multiple Vulnerabilities

webcalendar 0.9.x - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/11651/info Multiple remote vulnerabilities are reported to exist in WebCalendar. Multiple cross-site scripting vulnerabilites, an HTTP response splitting vulnerability, and two authentication bypass...

Exploits0
exploitdb
exploitdb
added 2004/11/10 12:0 a.m.19 views

webcalendar 0.9.x - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/11651/info Multiple remote vulnerabilities are reported to exist in WebCalendar. Multiple cross-site scripting vulnerabilites, an HTTP response splitting vulnerability, and two authentication bypass vulnerabilities are reported to exist in many different...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2004/10/23 12:0 a.m.57 views

HTTP Response Splitting in Serendipity 0.7-beta4

SECURITY ADVISORY: HTTP Response Splitting in Serendipity 0.7-beta4 AUTHOR: Chaotic Evil chaoticevil $$$at$$$ spyring $$$dot$$$ com DATE: October 21st, 2004 PRODUCT: Serendipity 0.7-beta4 October 14th, 2004 Recommended release, most stable - www.s9y.org FROM THE VENDOR WEBSITE: Serendipity is a...

7.2AI score
Exploits0
nvd
nvd
added 2004/10/21 4:0 a.m.21 views

CVE-2004-1620

CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in 1 index.php and 2 exit.php, or 3 the HTTP Referer field in comment.php...

5CVSS6.8AI score0.08139EPSS
Exploits1References13
nessus
nessus
added 2004/10/21 12:0 a.m.10 views

Serendipity < 0.7.0rc1 HTTP Response Splitting

Binary data 2367.prm...

5CVSS7.3AI score0.08139EPSS
Exploits1References3
exploitdb
exploitdb
added 2004/10/21 12:0 a.m.71 views

S9Y Serendipity 0.x - &#039;exit.php&#039; HTTP Response Splitting

source: https://www.securityfocus.com/bid/11497/info Serendipity is reported prone to an HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This issue is identified in Serendipity...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2004/10/21 12:0 a.m.63 views

S9Y Serendipity 0.x - exit.php HTTP Response Splitting

S9Y Serendipity 0.x - exit.php HTTP Response Splitting source: https://www.securityfocus.com/bid/11497/info Serendipity is reported prone to an HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or...

7.4AI score
Exploits0
nessus
nessus
added 2004/10/21 12:0 a.m.40 views

IdealBB Multiple Vulnerabilities (XSS, SQLi, more)

The remote host is running IdealBB, a web-based bulletin board written in ASP. The remote version of this software has multiple flaws - SQL injection, cross-site scripting and HTTP response splitting vulnerabilities. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

7.5CVSS5AI score0.01336EPSS
Exploits0References4
nessus
nessus
added 2004/10/21 12:0 a.m.45 views

Serendipity Multiple Script HTTP Response Splitting

The remote version of Serendipity is affected by an HTTP response- splitting vulnerability that may allow an attacker to perform a cross- site scripting attack against the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

5CVSS5.4AI score0.08139EPSS
Exploits1References3
securityvulns
securityvulns
added 2004/10/15 12:0 a.m.81 views

ACROS Security: Unsanitized Session ID Cookie Allows Modifying Server Response

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2004-10-14-3 ------------------------------------------------------------------------- ASPR 2004-10-14-3: Unsanitized Session ID Cookie Allows Modifying Serv...

0.8AI score
Exploits0
gentoo
gentoo
added 2004/10/14 12:0 a.m.39 views

WordPress: HTTP response splitting and XSS vulnerabilities

Background WordPress is a PHP and MySQL based content management and publishing system. Description Due to the lack of input validation in the administration panel scripts, WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks. Impact A malicious user could inject...

5CVSS0.4AI score0.11226EPSS
Exploits1
nessus
nessus
added 2004/10/14 12:0 a.m.19 views

GLSA-200410-12 : WordPress: HTTP response splitting and XSS vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200410-12 WordPress: HTTP response splitting and XSS vulnerabilities Due to the lack of input validation in the administration panel scripts, WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks...

5CVSS5.3AI score0.11226EPSS
Exploits1References3
securityvulns
securityvulns
added 2004/10/08 12:0 a.m.307 views

HTTP Response Splitting Vulnerability in Wordpress 1.2

SECURITY ADVISORY: HTTP Response Splitting in WordPress 1.2 AUTHOR: Chaotic Evil chaoticevil $$$at$$$ spyring $$$dot$$$ com DATE: October 6th, 2004 PRODUCT: WordPress 1.2 wordpress.org FROM THE VENDOR WEBSITE: WordPress is a state-of-the-art semantic personal publishing platform with a focus on...

7.4AI score
Exploits0
Rows per page
Query Builder