
2482 matches found

Prion
added 2007/02/16 1:28 a.m., 11 views

Sql injection

Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...

7.5 CVSS, 9.2 AI score, 0.02085 EPSS
Exploits: 1, References: 7, Affected Software: 1

NVD
added 2007/02/16 1:28 a.m., 19 views

CVE-2007-0971

Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...

7.5 CVSS, 8.5 AI score, 0.02085 EPSS
Exploits: 1, References: 7

Prion
added 2007/02/16 1:28 a.m., 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Gue...

6.8 CVSS, 6 AI score, 0.0192 EPSS
Exploits: 1, References: 7, Affected Software: 1

Cvelist
added 2007/02/16 1:0 a.m., 18 views

CVE-2007-0971

Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...

8.5 AI score, 0.02085 EPSS
Exploits: 1, References: 7

NVD
added 2007/02/15 2:28 a.m., 10 views

CVE-2006-7020

CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER)...

7.8 CVSS, 6.9 AI score, 0.00403 EPSS
Exploits: 0, References: 4

CVE
added 2007/02/15 2:0 a.m., 42 views

CVE-2006-7020

The CVE-2006-7020 entry affects phpwcms up to 1.2.5-DEV and 1.1 before RC4, where a CRLF injection in include/inc_act/act_formmailer.php and possibly sample_ext_php/mail_file_form.php enables remote header manipulation and spoofed HTTP_REFERER to send spam via HTTP headers. Root cause: CRLF injec...

7.8 CVSS, 6.9 AI score, 0.00403 EPSS
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2007/01/16 7:0 p.m., 12 views

CVE-2006-5876

The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values...

6.3 AI score, 0.07492 EPSS
Exploits: 0, References: 16

securityvulns
added 2007/01/15 12:0 a.m., 50 views

libsoup library DoS

DoS on parsing HTTP headers...

7.8 CVSS, 0.6 AI score, 0.07492 EPSS
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2007/01/15 12:0 a.m., 62 views

[SECURITY] [DSA 1248-1] New libsoup packages fix denial of service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1248-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 12nd, 2007 http://www.debian.org/security/faq -...

7.8 CVSS, 1 AI score, 0.07492 EPSS
Exploits: 0

OSV
added 2007/01/12 12:0 a.m., 20 views

DSA-1248-1 libsoup

Bulletin has no description...

7.8 CVSS, 9.3 AI score, 0.07492 EPSS
Exploits: 0

Prion
added 2007/01/03 9:28 p.m., 20 views

Crlf injection

CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the...

6.8 CVSS, 6.9 AI score, 0.05591 EPSS
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 2007/01/03 8:0 p.m., 33 views

CVE-2007-0047

CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the...

6.6 AI score, 0.05591 EPSS
Exploits: 0, References: 6

NVD
added 2006/12/07 5:28 p.m., 14 views

CVE-2006-6374

Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5)...

7.5 CVSS, 7.2 AI score, 0.00717 EPSS
Exploits: 0, References: 3

Cvelist
added 2006/12/07 5:0 p.m., 18 views

CVE-2006-6374

Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5)...

7.2 AI score, 0.00717 EPSS
Exploits: 0, References: 3

CVE
added 2006/12/07 5:0 p.m., 54 views

CVE-2006-6374

The CVE-2006-6374 vulnerability affects PhpMyAdmin 2.7.0-pl2, with multiple CRLF injection flaws enabling HTTP header injection and response splitting via CRLF sequences in a PhpMyAdmin cookie. Affected components include css/phpmyadmin.css.php, db_create.php, index.php, left.php, libraries/sessi...

7.5 CVSS, 7.2 AI score, 0.00717 EPSS
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2006/10/27 4:7 p.m., 13 views

CVE-2006-5565

CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown;...

5 CVSS, 6.7 AI score, 0.00448 EPSS
Exploits: 1, References: 3

CVE
added 2006/10/27 4:0 p.m., 39 views

CVE-2006-5566

CRLF injection vulnerability (CVE-2006-5566) in Shop-Script’s premium/index.php allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via CRLF sequences in the following parameters: links_exchange, news, search_with_change_category_ability, logging, feedback...

5 CVSS, 7.4 AI score, 0.05241 EPSS
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2006/10/27 4:0 p.m., 19 views

CVE-2006-5565

CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown;...

6.7 AI score, 0.00448 EPSS
Exploits: 1, References: 3

CVE
added 2006/10/27 4:0 p.m., 49 views

CVE-2006-5565

CVE-2006-5565 concerns a CRLF injection vulnerability in MAXdev MD-Pro 1.0.76. The flaw allows remote attackers to inject arbitrary HTTP headers by inserting a CRLF sequence into parameters (name, file, module, func) in index.php and the file parameter in modules.php. The accompanying data notes ...

5 CVSS, 7.1 AI score, 0.00448 EPSS
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2006/10/21 12:7 a.m., 5 views

CVE-2006-5442

ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view...

5.9 AI score
Exploits: 0, References: 8