
2482 matches found

Prion
added 2006/02/28 11:2 a.m. | 11 views

Information disclosure

Melange Chat Server (aka M-Chat), when accessed via a web browser, automatically sends cookies and other sensitive information for a server to any port specified in the associated link, which allows local users on that server to read the cookies from HTTP headers and possibly gain sensitive...

2.1 CVSS | 6.7 AI score | 0.00078 EPSS
Exploits 0 | References 6 | Affected Software 1

securityvulns
added 2006/02/18 12:0 a.m. | 43 views

[SA18923] Leif M. Wright's Blog Multiple Vulnerabilities

TITLE: Leif M. Wright's Blog Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA18923
VERIFY ADVISORY: http://secunia.com/advisories/18923/
CRITICAL: Highly critical
IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
WHERE: From remote
SOFTWARE: Leif M...

0.3 AI score
Exploits 0

CVE
added 2006/02/11 11:0 a.m. | 42 views

CVE-2005-4712

CVE-2005-4712 affects PHP Handicapper’s process_signup.php, where CRLF injection in the login parameter allows remote attackers to inject HTTP headers. The Red Hat entry repeats this description; other connected documents (e.g., PT Security) discuss a separate related issue (SQL injection) in the...

5 CVSS | 7.1 AI score | 0.00397 EPSS
Exploits 1 | References 1 | Affected Software 1

securityvulns
added 2006/02/10 12:0 a.m. | 34 views

[SA18790] Clever Copy HTTP Headers Script Insertion Vulnerabilities

TITLE: Clever Copy HTTP Headers Script Insertion Vulnerabilities
SECUNIA ADVISORY ID: SA18790
VERIFY ADVISORY: http://secunia.com/advisories/18790/
CRITICAL: Moderately critical
IMPACT: Cross Site Scripting
WHERE: From remote
SOFTWARE: Clever Copy 2.x http://secunia.com/product/5445/ Clever Copy...

1.1 AI score
Exploits 0

Tenable Nessus
added 2006/02/05 12:0 a.m. | 30 views

Mandrake Linux Security Advisory : php (MDKSA-2006:028)

Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. CVE-2006-0207 Multiple cross-site...

5 CVSS | 5.3 AI score | 0.04998 EPSS
Exploits 0 | References 2

NVD
added 2006/01/13 11:3 p.m. | 24 views

CVE-2006-0207

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function...

5 CVSS | 6.7 AI score | 0.04998 EPSS
Exploits 0 | References 18

Prion
added 2006/01/13 11:3 p.m. | 30 views

Design/Logic Flaw

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function...

5 CVSS | 6.8 AI score | 0.04998 EPSS
Exploits 0 | References 18 | Affected Software 1

NVD
added 2005/12/31 5:0 a.m. | 11 views

CVE-2005-4749

HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors...

5 CVSS | 6.7 AI score | 0.01767 EPSS
Exploits 0 | References 5

NVD
added 2005/12/29 11:3 a.m. | 17 views

CVE-2005-4579

Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container BLC P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form...

5 CVSS | 6.9 AI score | 0.00596 EPSS
Exploits 0 | References 6

Cvelist
added 2005/12/29 11:0 a.m. | 28 views

CVE-2005-4579

Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container BLC P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form...

6.9 AI score | 0.00596 EPSS
Exploits 0 | References 6

CVE
added 2005/12/29 11:0 a.m. | 44 views

CVE-2005-4579

Technical specifics (affected product/version, root cause, impact, and fixes) are not provided in the supplied documents. No concrete exploit details are available. Monitor for updates from vendors and advisories to obtain detailed mitigations.

5 CVSS | 7.3 AI score | 0.00596 EPSS
Exploits 0 | References 6 | Affected Software 1

UbuntuCve
added 2005/12/28 1:3 a.m. | 13 views

CVE-2005-4521

CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php...

5 CVSS | 5.9 AI score | 0.01046 EPSS
Exploits 1 | References 1

CVE
added 2005/12/28 1:0 a.m. | 51 views

CVE-2005-4521

CVE-2005-4521 is a CRLF injection vulnerability in Mantis (affected: 1.0.0rc3 and earlier) that lets remote attackers modify HTTP headers and perform HTTP response splitting via the login_cookie_test.php return parameter and the login_select_proj_page.php ref parameter. The issue is documented in...

5 CVSS | 6.5 AI score | 0.01046 EPSS
Exploits 1 | References 10

securityvulns
added 2005/12/01 12:0 a.m. | 25 views

[VulnWatch] XSS & Header Injection in Drupal and vBulletin

A fake image header with actual html body content was able to get past phpbb's input validation. An exploit was issued for phpbb a month ago and that sparked me to check some other webapps. vbulletin 3.5.0 forum file attachments did not sanitize against this, as a result Jelsoft quickly issued...

7 AI score
Exploits 0

Cvelist
added 2005/11/28 11:0 p.m. | 22 views

CVE-2004-2582

Novell iChain 2.3 includes the build number in the VIA line of the proxy server's HTTP headers, which allows remote attackers to obtain sensitive information...

6.5 AI score | 0.00534 EPSS
Exploits 0 | References 6

CVE
added 2005/11/28 11:0 p.m. | 44 views

CVE-2004-2582

The vulnerability CVE-2004-2582 affects Novell iChain 2.3. The issue is that the proxy server’s HTTP VIA header line reveals the build number, enabling remote attackers to obtain sensitive information. The available documents confirm the affected product and the root cause (build number disclosur...

5 CVSS | 6.8 AI score | 0.00534 EPSS
Exploits 0 | References 6 | Affected Software 1

OpenVAS
added 2005/11/03 12:0 a.m. | 166 views

BrowseGate HTTP headers overflows

It was possible to kill the BrowseGate proxy by sending it an invalid request with too long HTTP headers Authorization and Referer. A cracker may exploit this vulnerability to make your web server crash continually or even execute arbitrary code on your system. OpenVAS Vulnerability Test $Id:...

5 CVSS | 6.9 AI score | 0.08939 EPSS
Exploits 0

OpenVAS
added 2005/11/03 12:0 a.m. | 79 views

BrowseGate HTTP headers overflows

It was possible to kill the BrowseGate proxy by sending it an invalid request with too long HTTP headers Authorization and Referer. SPDX-FileCopyrightText: 2002 Michel Arboi. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

5 CVSS | 6.7 AI score | 0.08939 EPSS
Exploits 0 | References 1

OpenVAS
added 2005/11/03 12:0 a.m. | 865 views

Private IP address leaked in HTTP headers

This web server leaks a private IP address through its HTTP headers. SPDX-FileCopyrightText: 2001 Alert4Web.com, 2003 Westpoint Ltd. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

2.6 CVSS | 6.7 AI score | 0.62987 EPSS
Exploits 3 | References 3

Cvelist
added 2005/11/01 11:0 a.m. | 96 views

CVE-2005-3398

The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers...

6.1 AI score | 0.39542 EPSS
Exploits 2 | References 6