2482 matches found
Cross site scripting
The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting XSS attacks via unspecified vectors...
CVE-2008-6428
The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting XSS attacks via unspecified vectors...
CVE-2008-6428
The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting XSS attacks via unspecified vectors...
CVE-2008-6428
The vulnerability CVE-2008-6428 affects the Kaya 0.4.0 CGI framework. Reported impact: remote attackers can inject arbitrary HTTP headers and perform cross-site scripting (XSS) via unspecified vectors. No concrete exploitation details or patch information are provided in the connected documents. ...
RedHat Update for squid RHSA-2007:1130-01
Check for the Version of squid OpenVAS Vulnerability Test RedHat Update for squid RHSA-2007:1130-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
CentOS Update for squid CESA-2008:0214 centos3 i386
Check for the Version of squid OpenVAS Vulnerability Test CentOS Update for squid CESA-2008:0214 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
CentOS Update for squid CESA-2007:1130-04 centos2 i386
Check for the Version of squid OpenVAS Vulnerability Test CentOS Update for squid CESA-2007:1130-04 centos2 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for squid CESA-2008:0214 centos4 i386
Check for the Version of squid OpenVAS Vulnerability Test CentOS Update for squid CESA-2008:0214 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
CentOS Update for squid CESA-2008:0214 centos4 x86_64
Check for the Version of squid OpenVAS Vulnerability Test CentOS Update for squid CESA-2008:0214 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
CentOS Update for squid CESA-2008:0214 centos4 i386
Check for the Version of squid OpenVAS Vulnerability Test CentOS Update for squid CESA-2008:0214 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
Intercepting proxy servers may incorrectly rely on HTTP headers to make connections
Overview Proxy servers running in interception mode "transparent" proxies that make connection decisions based on HTTP header values may be used by an attacker to relay connections. Description HTTP Host Headers are defined in RFC 2616 and are often used to by web servers to allow multiple websit...
Crlf injection
CRLF injection vulnerability in SocialEngine SE 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie...
CVE-2008-6121
CRLF injection vulnerability in SocialEngine SE 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie...
CVE-2008-6121
CRLF injection vulnerability in SocialEngine SE 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie...
CVE-2008-6121
CVE-2008-6121 describes a CRLF injection vulnerability in SocialEngine versions 2.7 and earlier. The issue allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via the PHPSESSID cookie. Affected software: SocialEngine 2.7 and earlier. Underlying cause: CRLF...
USN-717-3: Firefox vulnerabilities
Kojima Hajime discovered that Firefox did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. CVE-2008-5510 Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were...
Crlf injection
CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server WAS 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CVE-2008-4283
CVE-2008-4283 describes a CRLF injection vulnerability in the WebContainer component of IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions. The issue allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors. Accor...
PT-2009-1135
Name of the Vulnerable Software and Affected Versions Microsoft Internet Information Services IIS version 5.0 Description The issue allows remote attackers to steal cookies and authentication credentials or bypass the HttpOnly protection mechanism. This is achieved by using the undocumented TRACK...
CVE-2008-5554
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the 1 Location and 2...