Lucene search
K

872 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/10/29 12:0 a.m.29 views

JVN#72541530: Active! mail 6 vulnerable to HTTP header injection

Active! mail 6 from TransWARE Co. is a web-based email software. Active! mail 6 contains a HTTP header injection vulnerability. Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response splitting attacks are also possible. Soluti...

4.3CVSS6.7AI score0.01104EPSS
Exploits0
exploitpack
exploitpack
added 2010/10/20 12:0 a.m.27 views

Oracle Sun Java System Web Server - HTTP Response Splitting

Oracle Sun Java System Web Server - HTTP Response Splitting Description Security-Assessment.com discovered that is possible to successfully perform an HTTP Response Splitting attack against applications served by Sun Java System Web Server. The vulnerability can be exploited if user supplied inpu...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2010/07/15 12:0 a.m.119 views

CVE-2010-2375: WebLogic Plugin HTTP Injection via Encoded URLs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs Release Date: 2010-07-13 Application: WebLogic Plugin...

6.4CVSS5.8AI score0.06509EPSS
Exploits1
CVE
CVE
added 2010/06/29 6:0 p.m.49 views

CVE-2008-7257

Cisco ASA WebVPN (WebVPN on ASA) is affected by a CRLF injection/HTTP response splitting vulnerability tracked as CVE-2008-7257. The flaw occurs in +webvpn+/index.html for ASA 5580-series devices with software before 8.1(2). An attacker can craft a URL containing %0d%0a sequences to inject arbitr...

4.3CVSS7.1AI score0.11567EPSS
Exploits2References6Affected Software1
Prion
Prion
added 2010/06/28 6:30 p.m.17 views

Design/Logic Flaw

Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066...

6CVSS6.3AI score0.00867EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2010/06/28 6:6 p.m.49 views

CVE-2010-2504

CVE-2010-2504 affects Splunk 4.0–4.0.10 and 4.1–4.1.1. The issue is HTTP header injection that allows remote authenticated users to obtain sensitive information (SPL-31066). Root cause details beyond “HTTP header injection” are not provided in the connected documents. Impact is noted as exposure ...

6CVSS6AI score0.00867EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2010/06/28 6:6 p.m.36 views

CVE-2010-2504

Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066...

5.8AI score0.00867EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2010/06/25 12:0 a.m.26 views

Apache Axis 1.5 Session Fixation

===== Tempest Security Intelligence - Advisory 02 / 2010 =========== Vulnerability = 'Apache Axis Session Fixation Vulnerability' Authors = 'Tiago Ferreira ' 'Leandro Oliveira ' ======== Table of Contents =========================================== 1. Overview 2. Detailed description 3. Other...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/02/24 12:0 a.m.35 views

Debian DSA-1950-1 : webkit - several vulnerabilities

Several vulnerabilities have been discovered in WebKit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, allows remote attackers to execute...

9.3CVSS6.1AI score0.09322EPSS
Exploits18References38
exploitpack
exploitpack
added 2009/06/05 12:0 a.m.14 views

LogMeIn 4.0.784 - cfgadvanced.html HTTP Header Injection

LogMeIn 4.0.784 - cfgadvanced.html HTTP Header Injection source: https://www.securityfocus.com/bid/35236/info LogMeIn is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP...

7.7AI score
Exploits0
Exploit DB
Exploit DB
added 2009/06/05 12:0 a.m.21 views

LogMeIn 4.0.784 - 'cfgadvanced.html' HTTP Header Injection

source: https://www.securityfocus.com/bid/35236/info LogMeIn is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be able to launch various attacks,...

7.4AI score
Exploits0
Prion
Prion
added 2009/05/22 8:30 p.m.14 views

Crlf injection

CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter...

5CVSS7.5AI score0.01972EPSS
Exploits1References4Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/04/27 12:0 a.m.41 views

JVN#28020230 Web Mailer from CGI RESCUE vulnerable to HTTP header injection

Web Mailer from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. Web Mailer contains a HTTP header injection vulnerability. Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response...

4.3CVSS6.5AI score0.01065EPSS
Exploits0
OSV
OSV
added 2009/03/26 2:30 p.m.1 views

DEBIAN-CVE-2009-1149

CRLF injection vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the 1 ctype and possibly 2 filetype parameters...

7.5CVSS7.3AI score0.01433EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2008/11/27 12:0 a.m.31 views

Ruby on Rails redirect_to() HTTP Header Injection Vulnerability - Linux

The host is running Ruby on Rails, which is prone to HTTP Header Injection Vulnerability. OpenVAS Vulnerability Test $Id: gbrubyrailshttpheaderinjvulnlin.nasl 4227 2016-10-07 05:45:35Z teissa $ Ruby on Rails redirectto HTTP Header Injection Vulnerability - Linux Authors: Veerendra GG Copyright:...

5CVSS0.01546EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2008/11/27 12:0 a.m.27 views

Ruby on Rails redirect_to() HTTP Header Injection Vulnerability (Oct 2008) - Linux

Ruby on Rails is prone to a HTTP Header injection vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5CVSS7.6AI score0.01546EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2008/08/20 12:0 a.m.40 views

Mono 2.0 - 'System.Web' HTTP Header Injection

source: https://www.securityfocus.com/bid/30867/info Mono is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be able to launch cross-site request-forgery,...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2008/08/04 12:0 a.m.80 views

Apache Tomcat HttpServletResponse.sendError()跨站脚本漏洞

BUGTRAQ ID: 30496 CVECAN ID: CVE-2008-1232 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat不仅在错误页面中显示了HttpServletResponse.sendError调用的消息参数,同时也在HTTP响应的reason-phrase中使用,这就可能在HTTP头中包含非法字符。特制的消息可能导致跨站脚本攻击,向HTTP响应中注入任意内容。 Apache Group Tomcat 6.0.x Apache Group Tomcat 5.5.x Apache Group Tomcat 4.1.x...

4.3CVSS5.3AI score0.75865EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.1 views

CGI RESCUE WebFORM vulnerable to HTTP header injection

Overview WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers. Impact Falsified information may be displayed or an arbitrary scri...

4.3CVSS7AI score
Exploits0References4
securityvulns
securityvulns
added 2008/03/22 12:0 a.m.49 views

[MSA02240108] IE7 allows overwriting of several headers leading to Http request Splitting and smuggling.

MSA01240108: IE7 allows overwriting of several headers leading to Http request Splitting and smuggling. Date: March 21th, 2008 Tested Versions: Internet Explorer 7.0.5730.11 Tested OS: Windows XP Professional SP2 Italian Minded Security ReferenceID: MSA02240108 Credits: Discovery by Stefano Di...

7.1AI score
Exploits0
Rows per page
Query Builder