2434 matches found
ADVISORY: http response splitting in snipsnap
ADVISORY Author: Maestro me! Date: 14-SEP-04 Vendor: SnipSnap www.snipsnap.org Product: SnipSnap 0.5.2a Product description from vendor website: SnipSnap is a free and easy to install weblog and wiki tool written in Java. Problem: Http response splitting web cache poisoning, xss, yadayadayada -...
SnipSnap < 1.0b1 POST Request HTTP Response Splitting
Binary data 2289.prm...
SnipSnap 0.5.2 - HTTP Response Splitting
SnipSnap 0.5.2 - HTTP Response Splitting source: https://www.securityfocus.com/bid/11180/info SnipSnap is reported prone to an HTTP response splitting vulnerability. The issue exists in the 'referer' parameter. The issue presents itself due to a flaw in the application that allows an attacker to...
SnipSnap 0.5.2 - HTTP Response Splitting
source: https://www.securityfocus.com/bid/11180/info SnipSnap is reported prone to an HTTP response splitting vulnerability. The issue exists in the 'referer' parameter. The issue presents itself due to a flaw in the application that allows an attacker to manipulate how POST requests are handled...
ADVISORY: http response splitting hole in Comersus shopping cart
ADVISORY Author: Maestro me! Date: 01-SEP-04 Vendor: Comersus www.comersus.com Product: Comersus Shopping Cart 5.0991 Problem: Http response splitting web cache poisoning, xss, yadayadayada - http://www.packetstormsecurity.org/papers/general/whitepaperhttpresponse.pdf Exploit:...
CVE-2004-1656
CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter...
Comersus Cart 5.0 - HTTP Response Splitting
source: https://www.securityfocus.com/bid/11083/info Comersus Cart is reported prone to a HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This could aid in various attacks, which...
Comersus Cart 5.0 - HTTP Response Splitting
Comersus Cart 5.0 - HTTP Response Splitting source: https://www.securityfocus.com/bid/11083/info Comersus Cart is reported prone to a HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or...
HTTP Response Splitting vulnerability in Microsoft Outlook Web Access for Exchange 5.5
//////////////////////////////////////////////////////////////////// //===================== Security Advisory ====================// //////////////////////////////////////////////////////////////////// -------------------------------------------------------------------- ----- Microsoft Outlook W...
Microsoft Exchange Outlook Web Access HTTP Response Splitting Vulnerability
Description Microsoft Exchange Outlook Web Access OWA is prone to HTTP response splitting attacks. This issue could permit hostile script to be injected into client sessions, which could gain access to properties of the OWA server and Web pages hosted on the site. It is noted that the attacker mu...
phpBB < 2.0.10 Multiple XSS
The remote host is running a version of phpBB older than 2.0.10. phpBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate user-supplied input in the 'searchauthor' parameter. This version is also vulnerable to an HTTP...
PhpBB HTTP Response Splitting & Cross Site Scripting vulnerabilities
///////////////////////////////////////////////////////////////////// //=================== Security Advisory =======================// ///////////////////////////////////////////////////////////////////// --------------------------------------------------------------------- --- PhpBB HTTP Respon...
CVE-2003-1338
CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header...
DCP-Portal Multiple Script XSS
The version of DCP-Portal installed on the remote host fails to sanitize input to the script 'calendar.php' before using it to generate dynamic HTML, that could let an attacker execute arbitrary code in the browser of a legitimate user. It may also be affected by HTML injection flaws, which could...