2482 matches found

CVE
added 2010/11/05 4:28 p.m., 58 views

CVE-2010-4184

CVE-2010-4184 affects NetSupport Manager (NSM) prior to version 11.00.0005. The vulnerability arises from NSM sending HTTP headers with cleartext fields that reveal details about client machines, enabling an attacker who can sniff network traffic to obtain potentially sensitive information (e.g.,...

CVSS 5, AI score 6.4, EPSS 0.00518
Exploits 0, References 3, Affected Software 1

Cvelist
added 2010/11/05 4:28 p.m., 18 views

CVE-2010-4184

NetSupport Manager NSM before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network...

AI score 6.2, EPSS 0.00518
Exploits 0, References 3

RedHat Linux
added 2010/10/27 11:3 p.m., 4 views

OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 5.1, AI score 5.8, EPSS 0.01613
Exploits 0, References 4

OpenVAS
added 2010/10/25 12:0 a.m., 31 views

Nmap NSE: HTTP Headers

This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.3
Exploits 0

RedHat Linux
added 2010/10/14 1:31 p.m., 3 views

OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 5.1, AI score 5.8, EPSS 0.01613
Exploits 0, References 4

Prion
added 2010/09/17 6:0 p.m., 15 views

Crlf injection

CRLF injection vulnerability in HP System Management Homepage SMH before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

CVSS 5, AI score 7.4, EPSS 0.00531
Exploits 0, References 3, Affected Software 1

CVE
added 2010/09/17 5:46 p.m., 58 views

CVE-2010-3011

CVE-2010-3011 is a CRLF injection vulnerability in HP System Management Homepage (SMH) prior to 6.2 that can allow remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors. The issue affects HP SMH versions before 6.2 and stems from an as‑yet u...

CVSS 5, AI score 7, EPSS 0.00531
Exploits 0, References 3, Affected Software 1

Prion
added 2010/09/14 5:0 p.m., 14 views

Crlf injection

CRLF injection vulnerability in load.php in the Local Management Interface LMI on the IBM Proventia Network Mail Security System PNMSS appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the...

CVSS 3.5, AI score 6.8, EPSS 0.00155
Exploits 1, References 2, Affected Software 1

CVE
added 2010/09/14 4:39 p.m., 42 views

CVE-2010-0155

The CVE-2010-0155 issue affects IBM Proventia Network Mail Security System (PNMSS) with firmware older than 2.5, specifically the Local Management Interface (LMI). A CRLF injection vulnerability exists in load.php that is exploitable by remote authenticated users via the javaVersion parameter, en...

CVSS 3.5, AI score 6.6, EPSS 0.00155
Exploits 1, References 2, Affected Software 2

securityvulns
added 2010/08/16 12:0 a.m., 54 views

SimpleWebServer DoS

Crash on HTTP headers parsing...

AI score 0.6
Exploits 0, References 1, Affected Software 1

RedHat Linux
added 2010/07/21 1:33 a.m., 4 views

Content-Disposition: attachment ignored if Content-Type: multipart also present

Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting XSS...

CVSS 4.3, AI score 7.3, EPSS 0.01032
Exploits 0, References 4

exploitpack
added 2010/07/09 12:0 a.m., 14 views

dotDefender 3.8-5 - Remote Code Execution (via Cross-Site Scripting)

dotDefender 3.8-5 - Remote Code Execution via Cross-Site Scripting / DotDefender = 3.8-5 No Authentication Remote Code Execution Through XSS Tested on DotDefender 3.8-5 On Ubuntu Server 9.10 64-bit with Firefox 3.6.3 Paul Hand aka rAWjAW AT offsec.com Original Post-Authentication Remote Command...

AI score 0.5
Exploits 0

Prion
added 2010/07/06 5:17 p.m., 20 views

Crlf injection

The Cisco Content Services Switch CSS 11500 with software before 8.20.4.02 and the Application Control Engine ACE 4710 with software before A23.0 do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to...

CVSS 7.5, AI score 7, EPSS 0.00233
Exploits 2, References 6, Affected Software 2

OpenVAS
added 2010/07/01 12:0 a.m., 33 views

Mozilla Products Firefox/Seamonkey Multiple Vulnerabilities june-10 (Windows)

The host is installed with Mozilla Firefox/Seamonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmozillaprdtsmultvulnwin01jun10.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Firefox/Seamonkey Multiple Vulnerabilities june-10 Windows Authors: Antu Sanadi...

CVSS 9.3, AI score 0.6, EPSS 0.05287
Exploits 0, References 2

Prion
added 2010/06/29 6:30 p.m., 17 views

Crlf injection

CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances ASA 5580 series devices with software before 8.12 allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or...

CVSS 4.3, AI score 7.5, EPSS 0.27377
Exploits 2, References 6, Affected Software 1

exploitpack
added 2010/06/28 12:0 a.m., 26 views

Applicure dotDefender 4.01-3 - Persistent Cross-Site Scripting

Applicure dotDefender 4.01-3 - Persistent Cross-Site Scripting An advisory by EnableSecurity. ID: ES-20100601 Advisory URL: http://resources.enablesecurity.com/advisories/ES-20100601-dotdefender4.txt Affected Versions: version 4.0 Fixed versions: 4.01-3 and later Description: Applicure dotDefende...

AI score 6.8
Exploits 0

Exploit DB
added 2010/06/28 12:0 a.m., 34 views

Applicure dotDefender 4.01-3 - Persistent Cross-Site Scripting

An advisory by EnableSecurity. ID: ES-20100601 Advisory URL: http://resources.enablesecurity.com/advisories/ES-20100601-dotdefender4.txt Affected Versions: version 4.0 Fixed versions: 4.01-3 and later Description: Applicure dotDefender is a Web Application Firewall that can be installed on Window...

AI score 7.4
Exploits 0

Prion
added 2010/06/24 12:30 p.m., 23 views

Cross site scripting

Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting XSS...

CVSS 4.3, AI score 6, EPSS 0.01032
Exploits 0, References 27, Affected Software 2

CVE
added 2010/06/23 6:0 p.m., 111 views

CVE-2010-1197

CVE-2010-1197 affects Mozilla Firefox 3.5.x before 3.5.10, Firefox 3.6.x before 3.6.4, and SeaMonkey before 2.0.5. Root cause: Firefox/SeaMonkey fail to handle cases where both Content-Disposition: attachment and Content-Type: multipart are present in HTTP headers, enabling remote XSS via an uplo...

CVSS 4.3, AI score 8.4, EPSS 0.01032
Exploits 0, References 27, Affected Software 1

Packet Storm
added 2010/06/12 12:0 a.m., 32 views

Email Image Upload Shell Upload

Email image upload Remote file Upload Vulnerability...

AI score 7.4
Exploits 0