39 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2008-0466

Malware in sbrugna...

CVSS 2.6, AI score 6, EPSS 0.07847
Exploits 1, References 30

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-3033

Malware in sbrugna...

CVSS 3.5, AI score 6.4, EPSS 0.00173
Exploits 0, References 4

NVD
added 2023/11/03 11:15 a.m., 9 views

CVE-2023-4768

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.p...

CVSS 6.1, AI score 6.3, EPSS 0.01003
Exploits 0, References 1

IBM Security Bulletins
added 2023/03/30 6:23 p.m., 37 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application and IBM HTTP Server included as part of IBM Tivoli Monitoring ITM portal server: CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001. The remediation also includes Java 8 SR7 FP20...

CVSS 9.8, AI score 9, EPSS 0.00539
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2023/03/29 1:48 a.m., 55 views

Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products

Summary Vulnerabilities in the Apache Tomcat component affect the management GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products. The CLI interface is unaffected. The CVEs are CVE-2016-6796 CVE-2016-6816 CVE-2016-6817. Vulnerability Details CVEID: CVE-2016-6796 DESCRIPTIO...

CVSS 7.5, AI score 8.8, EPSS 0.0326
Exploits 6, Affected Software 6

IBM Security Bulletins
added 2021/09/23 1:31 a.m., 16 views

Security Bulletin: Vulnerabilities in Websphere Liberty Profile (WLP) affect Power Management Console (CVE-2015-2017, CVE-2015-1927, CVE-2015-4938)

Summary Websphere liberty Profile is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-4938 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to spoof a servlet. An attacker could exploit this...

CVSS 6.8, AI score 7.5, EPSS 0.0058
Exploits 0, Affected Software 1

Debian
added 2020/04/24 12:55 p.m., 81 views

[SECURITY] [DSA 4662-1] openjdk-11 security update

Debian Security Advisory DSA-4662-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 24, 2020 https://www.debian.org/security/faq -...

CVSS 8.3, AI score 8.4, EPSS 0.03217
Exploits 0

Tenable Nessus
added 2019/12/10 12:00 a.m., 38 views

EulerOS 2.0 SP2 : httpd (EulerOS-SA-2019-2402)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4....

CVSS 6.1, AI score 6.5, EPSS 0.73272
Exploits 0, References 4

CVE
added 2019/01/09 10:00 p.m., 41 views

CVE-2018-16181

Summary: CVE-2018-16181 is an HTTP header injection vulnerability in Digital Arts i-FILTER (Ver. 9.50R05 and earlier) that can enable remote attackers to inject headers and trigger HTTP response splitting, potentially causing arbitrary script execution or cookie manipulation. Affected software: i...

CVSS 6.1, AI score 6.2, EPSS 0.00272
Exploits 0, References 2, Affected Software 1

Veracode
added 2018/11/12 7:38 a.m., 23 views

CRLF Injection

Jetty Server is vulnerable to CRLF injection. A remote attacker is able to inject arbitrary HTTP headers into the server response to perform response splitting attacks via the reason string in AbstractGenerator.java...

CVSS 5, AI score 9.3, EPSS 0.03975
Exploits 0, References 11, Affected Software 1

IBM Security Bulletins
added 2018/06/18 12:32 a.m., 51 views

Security Bulletin: Apache Tomcat vulnerability affects IBM Storwize V7000 Unified (CVE-2016-6816, CVE-2016-6817, CVE-2016-8735 )

Summary Apache Tomcat vulnerability affects IBM Storwize V7000 Unified. Vulnerability Details This bulletin relates to vulnerabilities in the Apache Tomcat component which is used to provide the product’s management GUI. The CLI interface is unaffected. CVEID: CVE-2016-6816 DESCRIPTION: Apache...

CVSS 9.8, AI score 1.1, EPSS 0.93809
Exploits 7, Affected Software 1

IBM Security Bulletins
added 2018/06/17 3:32 p.m., 16 views

Security Bulletin: IBM WebSphere Application Server Liberty Profile vulnerability affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2016-0359)

Summary WebSphere Application Server Liberty Profile that is embedded in TADDM is potentially vulnerable to HTTP response splitting Vulnerability Details CVEID: CVE-2016-0359 DESCRIPTION: IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. A remote attacker could...

CVSS 6.1, AI score 0.1, EPSS 0.00312
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/06/17 1:07 p.m., 24 views

Security Bulletin: Vulnerabilities exist in Watson Explorer Analytical Components, Watson Explorer Annotation Administration Console, Watson Content Analytics, IBM Content Analytics, and OmniFind Enterprise Edition

Summary Security vulnerabilities have been identified in IBM Watson Explorer Analytical Components, Watson Explorer Foundational Components Annotation Administration Console, IBM Watson Content Analytics, IBM Content Analytics, and OmniFind Enterprise Edition. Not all vulnerabilities affect all...

CVSS 7.8, AI score 0.5, EPSS 0.40246
Exploits 0, Affected Software 3

NVD
added 2015/10/04 2:59 a.m., 9 views

CVE-2015-2028

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL...

CVSS 4.3, AI score 6.7, EPSS 0.00246
Exploits 0, References 3

Prion
added 2015/05/30 2:59 p.m., 11 views

Crlf injection

CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting XSS attacks, via a crafted request, aka Bug ID...

CVSS 4.3, AI score 6.2, EPSS 0.00274
Exploits 0, References 2

Tenable Nessus
added 2015/02/11 12:00 a.m., 27 views

openSUSE Security Update : curl (openSUSE-2015-125)

was updated to version 7.40.0 to fix two security issues. These security issues were fixed : - CVE-2014-8150: CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allowed remote attackers to inject arbitrary HTTP headers and conduct HTTP response...

CVSS 4.3, AI score 7.9, EPSS 0.01225
Exploits 0, References 4

Prion
added 2014/06/04 2:55 p.m., 15 views

Crlf injection

CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter...

CVSS 4.3, AI score 7.4, EPSS 0.00345
Exploits 0, References 1, Affected Software 1

Prion
added 2014/05/26 11:14 a.m., 12 views

Crlf injection

CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL...

CVSS 4.3, AI score 7.2, EPSS 0.00246
Exploits 0, References 3, Affected Software 2

Cvelist
added 2014/04/30 2:00 p.m., 23 views

CVE-2014-1956

CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

AI score 6.8, EPSS 0.00224
Exploits 0, References 1

Prion
added 2013/03/21 2:55 p.m., 11 views

Crlf injection

CRLF injection vulnerability in the HMI web application in Siemens WinCC TIA Portal 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL...

CVSS 4.3, AI score 7.3, EPSS 0.00328
Exploits 0, References 2, Affected Software 1