3 matches found
SUSE CVE-2011-4203
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable...
Rockstar Games: CSRF in 'set.php' via age causes stored XSS on 'get.php' - http://www.rockstargames.com/php/videoplayer_cache/get.php
Hello, Background: Sending a POST request to set.php with age='PAYLOAD' will cause a stored XSS on the GET.php file most likely caused by the cookie, since that's what the age is based on. For this vulnerability and in order to demonstrate BOTH CSRF and XSS I have written a simple script tested o...
UBUNTU-CVE-2011-4203
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable...