Crlf injection

CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu186...

CVE-2011-4237

The CVE-2011-4237 issue is a CRLF injection/HTTP response-splitting vulnerability in CiscoWorks Common Services 4.0 used with Cisco Prime LAN Management Solution and related products. Root cause: improper sanitization of user input in Autologin.jsp, enabling an unauthenticated remote attacker to ...

CVE-2011-4237

CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu186...

Crlf injection

CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances ASA 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101...

FreeBSD Ports: firefox

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2012-0475

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site 1 XMLHttpRequest or 2 WebSocket operation involvin...

Cross site scripting

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site 1 XMLHttpRequest or 2 WebSocket operation involvin...

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

Microsoft ASP.NET ValidateRequest Filters Bypass

According to the HTTP headers received from the remote host, the web server is configured to use the ASP.NET framework. This framework includes the ValidateRequest feature, which is used by ASP.NET web applications to filter user input in an attempt to prevent cross-site scripting attacks. Howeve...

CVE-2012-0451

CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy CSP restrictions and possibly conduct...

Crlf injection

CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy CSP restrictions and possibly conduct...

CVE-2012-0451

CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy CSP restrictions and possibly conduct...

Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities

Summary WebPAM is a web based Promise Array Management Software that's easy-to use, designed to simplify RAID storage management. WebPAM is specifically designed for Promise HBA. WebPAM can configure, manage or monitor Promise RAID products remotely from a web browser from anywhere in the world...

Sandcat Browser 2.0 Released - Penetration Testing Oriented Browser

Sandcat Browser 2.0 Released, Penetration Testing Oriented Browser Sandcat Browser version 2.0 includes several user interface and experience improvements, an improved extension system, RudraScript support and new extensions. What is Sandcat Browser? The fastest web browser combined with the...

CVE-2011-4512

CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows...

Sandcat Browser - Penetration Testing Oriented Browser

Penetration Testing Oriented Browser - Sandcat Browser The fastest web browser combined with the fastest scripting language packed with features for pen-testers. Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team,...

Apache 2.2.x < 2.2.22 Multiple Vulnerabilities

According to its banner, the version of Apache 2.2.x installed on the remote host is prior to 2.2.22. It is, therefore, potentially affected by the following vulnerabilities : - When configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could cause the web...

Ajax Upload Shell Upload

Exploit Title: Ajax Upload Arbitrary File Upload Date: 30/01/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Ajax Upload http://valums.com/ajax-upload/ Tested on: Linux Comment Agradezco a mis amigos: Hernan Jais, Alfon...

Ajax Upload - Arbitrary File Upload

Exploit Title: Ajax Upload Arbitrary File Upload Date: 30/01/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Ajax Upload http://valums.com/ajax-upload/ Tested on: Linux Comment Agradezco a mis amigos: Hernan Jais, Alfon...

Ajax Upload Arbitrary File Upload

Exploit for multiple platform in category web applications Exploit Title: Ajax Upload Arbitrary File Upload Date: 30/01/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Ajax Upload http://valums.com/ajax-upload/ Tested o...