Lucene search

2483 matches found

UbuntuCve
added 2011/08/29 6:55 p.m. | 29 views

CVE-2011-3186

CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header...

CVSS 4.3 | AI score 7.2 | EPSS 0.00814
Exploits 0 | References 2

CVE
added 2011/08/29 6:00 p.m. | 100 views

CVE-2011-3186

CVE-2011-3186 is a CRLF injection vulnerability in Rails 2.3.x, exploitable via the Content-Type header in actionpack/lib/action_controller/response.rb, allowing an attacker to inject arbitrary HTTP headers and perform HTTP response splitting. The issue affects Rails 2.3.x up to 2.3.12; a fix was...

CVSS 4.3 | AI score 6.7 | EPSS 0.00814
Exploits 0 | References 12 | Affected Software 1

GitLab Advisory Database
added 2011/08/29 12:00 a.m. | 32 views

Response Splitting Vulnerability in Ruby on Rails

A response splitting flaw can allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types...

CVSS 4.3 | AI score 3.5 | EPSS 0.00814
Exploits 0 | References 3 | Affected Software 1

0day.today
added 2011/08/28 12:00 a.m. | 62 views

w2box web 2.0 File Repository <= 2.5.1 Shell upload

Exploit for php platform in category web applications. Exploit Title: w2box: web 2.0 File Repository <= 2.5.1 Shell upload. Date: 28/08/2011. Author: N3t.Crack3r. Vendor or Software Link: http://clement.beffa.org/labs/projects/w2box/ Version: <= 2.5.1. Category: webapps. Google dork: Powered by w2box,...

AI score 7.1
Exploits 0

RubySec
added 2011/08/16 12:00 a.m. | 22 views

Response Splitting Vulnerability in Ruby on Rails

A response splitting flaw in Ruby on Rails 2.3.x was reported that could allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types...

CVSS 4.3 | AI score 3.1 | EPSS 0.00814
Exploits 0 | References 1 | Affected Software 1

Zero Science Lab
added 2011/08/06 12:00 a.m. | 25 views

ATutor 2.0.2 (lang) HTTP Response Splitting Vulnerability

Summary: ATutor is an Open Source Web-based Learning Content Management System (LCMS) designed with accessibility and adaptability in mind. Educators can quickly assemble, package, and redistribute Web-based instructional content, easily retrieve and import prepackaged content, and conduct their...

AI score 5.9
Exploits 0

Packet Storm
added 2011/08/06 12:00 a.m. | 20 views

ATutor 2.0.2 HTTP Response Splitting

ATutor 2.0.2 (lang) HTTP Response Splitting Vulnerability. Vendor: ATutor / Inclusive Design Institute. Product web page: http://www.atutor.ca Affected version: 2.0.2 (build r10589). Summary: ATutor is an Open Source Web-based Learning Content Management System (LCMS) designed with accessibility and...

AI score 7.4
Exploits 0

Check Point Advisories
added 2011/08/02 12:00 a.m. | 1 view

Filter Proxy HTTP Headers Mismatch

Filter web Proxy is a proxy tool that sits between a web server and a client browser. It enables users to change the HTTP headers and client-side content, e.g. HTML and JavaScript. The filter proxy can also block pop-ups and malicious content. Malicious users can use this technique to chang...

AI score 6.7
Exploits 0

Atlassian
added 2011/07/22 4:46 a.m. | 22 views

Enable X-FRAME-Options header to implement clickjacking protection

NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/JRACLOUD-25143. TLDR: Add X-FRAME-Options: SAMEORIGIN to all HTTPS pages (server config), and test that nothing breaks. --- Description: Current...

Exploits 0

Atlassian
added 2011/07/22 4:46 a.m. | 22 views

Enable X-FRAME-Options header to implement clickjacking protection

NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion: http://jira.atlassian.com/browse/JRASERVER-25143. TLDR: Add X-FRAME-Options: SAMEORIGIN to all HTTPS pages (server config), and test that nothing breaks. --- Description: Current...

AI score 0.5
Exploits 0 | Affected Software 1

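The two JIRA suggestions above ask for X-Frame-Options: SAMEORIGIN on every page plus a check that nothing breaks. The following is an added example, not Atlassian's code: a Rack-style wrapper that adds the header to any response lacking it without overriding a stricter DENY the application already set, and a predicate for checking a captured header set. FrameGuard, frame_protected? and the lambda apps are hypothetical names; the app returns the usual [status, headers, body] triple.

```ruby
# Added example (not Atlassian's or any project's code). FrameGuard wraps a
# Rack-style app (a callable returning [status, headers, body]) and makes
# sure every response carries a clickjacking-protection header.
class FrameGuard
  HEADER  = "X-Frame-Options".freeze
  # ALLOW-FROM is obsolete and ignored by current browsers, so it is not
  # accepted as a protecting value here.
  ALLOWED = %w[DENY SAMEORIGIN].freeze

  def initialize(app, value: "SAMEORIGIN")
    raise ArgumentError, "unsupported value #{value}" unless ALLOWED.include?(value)
    @app = app
    @value = value
  end

  def call(env)
    status, headers, body = @app.call(env)
    # Header names are compared case-insensitively so an app that already set
    # "x-frame-options: DENY" keeps its stricter policy and gets no duplicate.
    existing = headers.keys.find { |k| k.casecmp?(HEADER) }
    headers[HEADER] = @value unless existing
    [status, headers, body]
  end

  # True when the header set would stop a standards-following browser from
  # framing the page; used to verify responses after rolling the header out.
  def self.frame_protected?(headers)
    key = headers.keys.find { |k| k.casecmp?(HEADER) }
    key ? ALLOWED.include?(headers[key].to_s.strip.upcase) : false
  end
end

if $PROGRAM_NAME == __FILE__
  app = ->(_env) { [200, { "Content-Type" => "text/html" }, ["<p>hi</p>"]] }
  _, headers, _ = FrameGuard.new(app).call({})
  puts headers.inspect                      # now includes X-Frame-Options
  puts FrameGuard.frame_protected?(headers) # true
end
```

Rolling this out at the server (as the ticket suggests) or in middleware has the same caveat: any page that is legitimately embedded in a frame from another origin stops rendering there, so the check function is what to run against the affected URLs before and after the change.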
Tenable Nessus
added 2011/06/13 12:00 a.m. | 29 views

Ubuntu 6.06 LTS / 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : perl vulnerabilities (USN-1129-1)

It was discovered that the Safe.pm Perl module incorrectly handled Safe::reval and Safe::rdo access restrictions. An attacker could use this flaw to bypass intended restrictions and possibly execute arbitrary code (CVE-2010-1168, CVE-2010-1447). It was discovered that the CGI.pm Perl module...

CVSS 8.5 | AI score 8.3 | EPSS 0.04483
Exploits 4 | References 7

OpenVAS
added 2011/06/01 12:00 a.m. | 22 views

Nmap NSE net: http-headers

Performs a GET request for the root folder '/' of a web server and displays the HTTP headers returned. SYNTAX: http.pipeline: If set, it represents the number of HTTP requests that'll be pipelined (i.e., sent in a single request). This can be set low to make debugging easier, or it can be set high to...

Exploits 0

OpenVAS
added 2011/06/01 12:00 a.m. | 22 views

Nmap NSE net: http-headers

This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.3
Exploits 0

OpenVAS
added 2011/05/10 12:00 a.m. | 43 views

Ubuntu: Security Advisory (USN-1129-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.5 | AI score 9.6 | EPSS 0.04483
Exploits 4 | References 2

securityvulns
added 2011/05/05 12:00 a.m. | 97 views

[USN-1129-1] Perl vulnerabilities

========================================================================== Ubuntu Security Notice USN-1129-1, May 03, 2011: perl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS 8.5 | AI score 0.6 | EPSS 0.04483
Exploits 4

Tenable Nessus
added 2011/05/05 12:00 a.m. | 30 views

openSUSE Security Update : perl (openSUSE-SU-2011:0064-1)

Multiple header injection problems in the CGI module of perl have been fixed. They allowed injecting HTTP headers into responses. CVE-2010-2761, CVE-2010-4410 and CVE-2010-4411 have been assigned to this issue. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package...

CVSS 4.3 | AI score 8.1 | EPSS 0.01848
Exploits 0 | References 6

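The Rails entries (CVE-2011-3186, a CRLF in the Content-Type value), the ATutor lang parameter and the CGI.pm fixes above are one bug class: a request-controlled string is written into a response header line verbatim, and a carriage return/line feed inside it ends that header and starts whatever the attacker appended. The following is an added example, not code from Ruby on Rails, CGI.pm, ATutor or any advisory on this page; it builds a minimal response the vulnerable way and the hardened way, then parses the bytes the way a proxy or browser would so the injected header and body are visible. The module and method names (HeaderInjection, build_response, safe_header, build_safe_response, split_response) and the attacker payload are hypothetical/constructed.

```ruby
# Added example, not code from Ruby on Rails, CGI.pm, ATutor or any advisory
# on this page. Models the response-splitting bug class: a header value taken
# from the request (here the content type) is emitted verbatim, so a CR/LF in
# it terminates the header line. All names below are hypothetical.
module HeaderInjection
  CRLF = "\r\n".freeze

  class UnsafeHeaderValue < ArgumentError; end

  # Vulnerable writer: trusts the caller-supplied content type.
  def self.build_response(content_type, body = "")
    "HTTP/1.1 200 OK#{CRLF}" \
      "Content-Type: #{content_type}#{CRLF}" \
      "Content-Length: #{body.bytesize}#{CRLF}" \
      "#{CRLF}#{body}"
  end

  # Hardened: refuse any value carrying CR, LF or NUL rather than stripping
  # them, so a tampered value never reaches the wire in any form.
  def self.safe_header(name, value)
    value = value.to_s
    if value.match?(/[\r\n\x00]/)
      raise UnsafeHeaderValue, "#{name} contains a line terminator"
    end
    "#{name}: #{value}"
  end

  def self.build_safe_response(content_type, body = "")
    [
      "HTTP/1.1 200 OK",
      safe_header("Content-Type", content_type),
      safe_header("Content-Length", body.bytesize),
      "",
      body
    ].join(CRLF)
  end

  # Reads raw response bytes the way a proxy or browser does: status line,
  # header lines up to the first blank line, then the body. Returns
  # [status_line, { lowercased name => [values] }, body].
  def self.split_response(raw)
    head, body = raw.split(CRLF * 2, 2)
    status, *lines = head.split(CRLF)
    headers = Hash.new { |h, k| h[k] = [] }
    lines.each do |line|
      name, value = line.split(":", 2)
      headers[name.strip.downcase] << value.to_s.strip
    end
    [status, headers, body.to_s]
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed attacker input: a valid media type followed by an injected
  # Set-Cookie header, a blank line and an attacker-chosen body.
  evil = "text/html\r\nSet-Cookie: session=attacker\r\n\r\n<html>evil</html>"
  _, headers, body = HeaderInjection.split_response(HeaderInjection.build_response(evil))
  puts "headers seen by the client: #{headers.keys.inspect}"  # includes "set-cookie"
  puts "body now starts with: #{body[0, 17].inspect}"
  begin
    HeaderInjection.build_safe_response(evil)
  rescue HeaderInjection::UnsafeHeaderValue => e
    puts "hardened writer refused: #{e.message}"
  end
end
```

With the vulnerable writer the client sees a Set-Cookie header it was never meant to get and a body that begins with the attacker's HTML; the application's own Content-Length line lands inside that body. The same check belongs on every header built from request data (Location redirects and Set-Cookie as much as Content-Type), and rejecting is preferable to stripping: a value with the CR/LF removed is still one the attacker shaped, and silently accepting it hides the attempt from logs.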
securityvulns
added 2011/04/26 12:00 a.m. | 34 views

XSS in Webmin 1.540 + exploit for privilege escalation

Information -------------------- Name: XSS vulnerability in Webmin. Software: All versions prior to and including 1.540 are affected. Vendor Homepage: http://www.webmin.com Vulnerability Type: Cross-Site Scripting. Severity: Medium. Researcher: Javier Bassi (javierbassi at gmail dot com)...

AI score 0.2
Exploits 0

0day.today
added 2011/03/31 12:00 a.m. | 23 views

YaCOMAS 0.3.6 Alpha Multiple Vulnerabilities

Exploit for php platform in category web applications. Software: Yacomas 0.3.6. Vendor: http://yacomas.sourceforge.net/ Vuln Type: Multiple Vulnerability. Download link: http://patux.net/downloads/yacomas-0.3.6alpha.tar.gz Author: email protected X contact: profesorxatotmail.com Home: www.ccat.edu.m...

AI score 7.1
Exploits 0

Prion
added 2011/03/08 9:59 p.m. | 10 views

Stack overflow

Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP...

CVSS 5.8 | AI score 8.4 | EPSS 0.00826
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2011/03/08 9:00 p.m. | 21 views

CVE-2011-0344

Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP...

AI score 7.9 | EPSS 0.00826
Exploits 0 | References 6