CVE-2011-3375

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by readin...

CVE-2011-4854

The CVE-2011-4854 issue affects Parallels Plesk Panel 10.4.4_build20111103.18: the Control Panel does not ensure that Content-Type HTTP headers match the Content-Type data in HTML META elements, potentially allowing remote attackers to trigger an interpretation conflict involving get_enabled_prod...

Apache Tomcat 7.0.0 < 7.0.22 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.22. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.22security-7 advisory. - Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching an...

Sql injection

Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the 1 pixieuser parameter and 2 Referer HTTP header in a request to the default URI...

perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting

CRLF injection vulnerability in the header function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in 1 view/admin/logitem.php and 2 view/admin/logitemdetails.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist...

CVE-2011-4562

Multiple cross-site scripting XSS vulnerabilities in 1 view/admin/logitem.php and 2 view/admin/logitemdetails.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist...

WordPress Redirection Plugin <= 2.2.9 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist. Solution Update the plugin...

Mandriva Update for apache MDVSA-2011:168 (apache)

Check for the Version of apache OpenVAS Vulnerability Test Mandriva Update for apache MDVSA-2011:168 apache Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

Mandriva Linux Security Advisory : apache (MDVSA-2011:168)

A vulnerability has been discovered and corrected in apache : The modproxyajp module in the Apache HTTP Server before 2.2.21, when used with modproxybalancer in certain configurations, allows remote attackers to cause a denial of service temporary error state in the backend server via a malformed...

11in1 CMS 1.0.1 - &#039;do.php&#039; CRLF Injection

11in1 CMS v1.0.1 do.php CRLF Injection Vulnerability Vendor: 11in1 Product web page: http://www.11in1.org Affected version: 1.0.1 Summary: Eleven in One is an open-source content management system CMS that is powered by PHP and MySQL. It does not only help you manage your personal blog but also...

php5 -- header splitting attack via carriage-return character

Rui Hirokawa reports: As of PHP 5.1.2, header can no longer be used to send multiple response headers in a single call to prevent the HTTP Response Splitting Attack. header only checks the linefeed LF, 0x0A as line-end marker, it doesn't check the carriage-return CR, 0x0D. However, some browsers...

Google Chrome < 15.0.874.102 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 15.0.874.102. It therefore is potentially affected by the following vulnerabilities : - Several URL bar spoofing errors exist related to history handling and drag-and-drop of URLs. CVE-2011-2845, CVE-2011-3875 - Whitespace ...

CVE-2011-3340

SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...

Sql injection

SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...

CVE-2011-3340

CVE-2011-3340 affects Netvolution CMS 2.5.8 (ASP) where the HTTP Referer header parsing allows blind SQL injection. The vulnerability enables remote attackers to alter content, exfiltrate data (usernames, plaintext passwords), and potentially execute commands on the database server without authen...

CVE-2011-3340

SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header...

RedHat Update for httpd RHSA-2011:1392-01

Check for the Version of httpd OpenVAS Vulnerability Test RedHat Update for httpd RHSA-2011:1392-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

CentOS Update for httpd CESA-2011:1392 centos5 i386

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1392 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

CentOS Update for httpd CESA-2011:1392 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...