2482 matches found
Cross site scripting
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2)...
CVE-2008-5554
The CVE-2008-5554 entry describes a vulnerability in Microsoft Internet Explorer 8.0 Beta 2 where the XSS Filter fails to properly handle certain HTTP headers that appear after a CRLF in a URI, permitting bypass of the XSS protection and enabling XSS or redirection via headers such as Location or...
openSUSE 10 Security Update : rubygem-actionpack (rubygem-actionpack-5816)
Missing input sanitization in rubygem-actionpack allowed remote attackers to inject arbitrary HTTP headers via specially crafted URLs (CVE-2008-5189). Copyright (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...
CVE-2008-4829
CVE-2008-4829 affects the Streamripper project, with public sources describing multiple buffer overflows in lib/http.c (functions http_parse_sc_header, http_get_pls, http_get_m3u) triggered by overly long HTTP headers and playlists. Public reports (e.g., GLSA 200901-05, Debian DSA-1683-1, OpenVAS...
CVE-2008-4829
Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arbitrary code via (1) a long "Zwitterion v" HTTP header, related to the http_parse_sc_header function; (2) a crafted pls playlist with a long entry, related to the http_get_pls function; or (3) a crafted m3u...
CVE-2008-5189
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function...
Crlf injection
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function...
Flash Player XSS
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers...
CVE-2008-4818
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers...
Fresh Email Script 1.0 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications: Fresh Email Script 1.0 Multiple Remote Vulnerabilities. 1...
Sun Java System Web Proxy Server < 4.0.8 Multiple Vulnerabilities - Windows
Sun Java Web Proxy Server is prone to a heap buffer overflow vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Sun Java System Web Proxy Server < 4.0.8 Multiple Vulnerabilities - Linux
Sun Java Web Proxy Server is prone to a heap buffer overflow vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Null pointer dereference
The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the "error handling mechanism."...
CVE-2008-4403
CVE-2008-4403 affects Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087. The CGI server modules can be exploited remotely to trigger a denial of service via crafted HTTP headers, caused by a NULL pointer dereference in the error handling mechanism. The availab...
Important: Red Hat Security Advisory: tomcat security update
Updated tomcat packages that fix multiple security issues are now available for Red Hat Developer Suite 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP)...
CVE-2008-3906
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string...
Crlf injection
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string...
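Added example (not code from Rails, Mono, or any of the advisories listed here) demonstrating the CRLF injection / HTTP response splitting pattern shared by the CVE-2008-5189 and CVE-2008-3906 entries, and the Location-header vector of the IE8 entry above: a hypothetical redirect builder that copies an unvalidated target into the Location header, a hardened variant that rejects CR/LF on the decoded value, and a small response parser that shows how a naive client sees the split stream as two messages. The builder, parser, and attack string are all constructed for this illustration.

```ruby
require "cgi"

CRLF = "\r\n"

class HeaderInjectionError < StandardError; end

# Vulnerable builder (hypothetical, models the flaw class): the user-controlled
# target is copied verbatim into the Location header line.
def build_redirect_vulnerable(target)
  "HTTP/1.1 302 Found#{CRLF}Location: #{target}#{CRLF}Content-Length: 0#{CRLF}#{CRLF}"
end

# Hardened builder: refuse any value carrying CR or LF before it reaches a header.
# Validation runs on the decoded value, so %0d%0a in a query string is caught too.
def build_redirect_safe(target)
  raise HeaderInjectionError, "CR/LF in redirect target" if target.match?(/[\r\n]/)
  build_redirect_vulnerable(target)
end

# Minimal response parser standing in for a naive client or cache: it reads a
# status line, headers and a Content-Length-delimited body, then repeats on the
# remaining bytes. A split response shows up as more than one parsed message.
def parse_responses(raw)
  responses = []
  rest = raw.dup
  until rest.empty?
    head, sep, rest = rest.partition(CRLF + CRLF)
    break if sep.empty?                              # no complete header block left
    status, *header_lines = head.split(CRLF)
    break unless status.to_s.start_with?("HTTP/")    # leftover bytes, not a message
    headers = header_lines.each_with_object({}) do |line, h|
      name, value = line.split(":", 2)
      h[name.strip.downcase] = value.to_s.strip
    end
    len = headers.fetch("content-length", "0").to_i
    body = rest.byteslice(0, len).to_s
    rest = rest.byteslice(len..-1).to_s
    responses << { status: status, headers: headers, body: body }
  end
  responses
end

# Constructed attacker input, as it would arrive in a ?to=... query parameter.
# The encoded CR/LF pairs terminate the 302 and append a second, attacker-authored
# 200 response whose body is a script (the XSS half of "XSS or redirection").
ATTACK_PARAM = "http://example.com/%0d%0aContent-Length:%200%0d%0a%0d%0a" \
               "HTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0a" \
               "Content-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E"

# Returns the messages a client would see from the vulnerable builder.
def demo_split(param = ATTACK_PARAM)
  parse_responses(build_redirect_vulnerable(CGI.unescape(param)))
end

if __FILE__ == $PROGRAM_NAME
  demo_split.each_with_index do |r, i|
    puts "message #{i + 1}: #{r[:status]} body=#{r[:body].inspect}"
  end
  begin
    build_redirect_safe(CGI.unescape(ATTACK_PARAM))
  rescue HeaderInjectionError => e
    puts "hardened builder rejected input: #{e.message}"
  end
end
```

The check has to run on the decoded value: a filter applied to the raw query string misses `%0d%0a`, while a filter applied after decoding misses nothing the header writer will actually emit. Rejecting the request outright, rather than stripping the bytes, keeps a forged-but-cleaned target from being redirected to silently.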
FreeBSD Ports: squid
The remote host is missing an update to the system as announced in the referenced advisory. VID bfda39de-7467-11d9-9e1e-c296ac722cb3 OpenVAS Vulnerability Test. Description: Auto generated from vuxml or freebsd advisories. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc...