2446 matches found
CVE-2004-2512
CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the PHPSESSID parameter...
ViewCVS < 1.0.0 HTTP Response Splitting
Binary data 2478.prm...
ViewCVS < 1.0.0 Multiple Vulnerabilities
The remote host is running ViewCVS, a tool to browse CVS repositories over the web written in python. Flaws in the remote version of this website may allow an attacker to launch cross-site scripting and/or HTTP response-splitting attacks against the remote install. %NASLMINLEVEL 70300 C Tenable...
GLSA-200411-35 : phpWebSite: HTTP response splitting vulnerability
The remote host is affected by the vulnerability described in GLSA-200411-35 phpWebSite: HTTP response splitting vulnerability Due to lack of proper input validation, phpWebSite has been found to be vulnerable to HTTP response splitting attacks. Impact : A malicious user could inject arbitrary...
phpWebSite: HTTP response splitting vulnerability
Background phpWebSite is a web site content management system. Description Due to lack of proper input validation, phpWebSite has been found to be vulnerable to HTTP response splitting attacks. Impact A malicious user could inject arbitrary response data, leading to content spoofing, web cache...
security hole (http response splitting) in phpwebsite
ADVISORY Author: Maestro me! Date: 11-NOV-04 Vendor: Appalachian State University http://phpwebsite.appstate.edu/ Product: phpWebSite 0.9.3-4 Product description from vendor website: phpWebSite provides a complete web site content management system. Web-based administration allows for easy...
phpwebsite.txt
ADVISORY Author: Maestro me! Date: 11-NOV-04 Vendor: Appalachian State University http://phpwebsite.appstate.edu/ Product: phpWebSite 0.9.3-4 Product description from vendor website: phpWebSite provides a complete web site content management system. Web-based administration allows for easy...
webcalendar 0.9.x - Multiple Vulnerabilities
webcalendar 0.9.x - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/11651/info Multiple remote vulnerabilities are reported to exist in WebCalendar. Multiple cross-site scripting vulnerabilites, an HTTP response splitting vulnerability, and two authentication bypass...
webcalendar 0.9.x - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/11651/info Multiple remote vulnerabilities are reported to exist in WebCalendar. Multiple cross-site scripting vulnerabilites, an HTTP response splitting vulnerability, and two authentication bypass vulnerabilities are reported to exist in many different...
HTTP Response Splitting in Serendipity 0.7-beta4
SECURITY ADVISORY: HTTP Response Splitting in Serendipity 0.7-beta4 AUTHOR: Chaotic Evil chaoticevil $$$at$$$ spyring $$$dot$$$ com DATE: October 21st, 2004 PRODUCT: Serendipity 0.7-beta4 October 14th, 2004 Recommended release, most stable - www.s9y.org FROM THE VENDOR WEBSITE: Serendipity is a...
CVE-2004-1620
CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in 1 index.php and 2 exit.php, or 3 the HTTP Referer field in comment.php...
Serendipity < 0.7.0rc1 HTTP Response Splitting
Binary data 2367.prm...
S9Y Serendipity 0.x - 'exit.php' HTTP Response Splitting
source: https://www.securityfocus.com/bid/11497/info Serendipity is reported prone to an HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This issue is identified in Serendipity...
S9Y Serendipity 0.x - exit.php HTTP Response Splitting
S9Y Serendipity 0.x - exit.php HTTP Response Splitting source: https://www.securityfocus.com/bid/11497/info Serendipity is reported prone to an HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or...
IdealBB Multiple Vulnerabilities (XSS, SQLi, more)
The remote host is running IdealBB, a web-based bulletin board written in ASP. The remote version of this software has multiple flaws - SQL injection, cross-site scripting and HTTP response splitting vulnerabilities. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Serendipity Multiple Script HTTP Response Splitting
The remote version of Serendipity is affected by an HTTP response- splitting vulnerability that may allow an attacker to perform a cross- site scripting attack against the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
ACROS Security: Unsanitized Session ID Cookie Allows Modifying Server Response
=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2004-10-14-3 ------------------------------------------------------------------------- ASPR 2004-10-14-3: Unsanitized Session ID Cookie Allows Modifying Serv...
WordPress: HTTP response splitting and XSS vulnerabilities
Background WordPress is a PHP and MySQL based content management and publishing system. Description Due to the lack of input validation in the administration panel scripts, WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks. Impact A malicious user could inject...
GLSA-200410-12 : WordPress: HTTP response splitting and XSS vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200410-12 WordPress: HTTP response splitting and XSS vulnerabilities Due to the lack of input validation in the administration panel scripts, WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks...
HTTP Response Splitting Vulnerability in Wordpress 1.2
SECURITY ADVISORY: HTTP Response Splitting in WordPress 1.2 AUTHOR: Chaotic Evil chaoticevil $$$at$$$ spyring $$$dot$$$ com DATE: October 6th, 2004 PRODUCT: WordPress 1.2 wordpress.org FROM THE VENDOR WEBSITE: WordPress is a state-of-the-art semantic personal publishing platform with a focus on...