Kallithea 0.2.9 HTTP Response Splitting Vulnerability

Kallithea suffers from a HTTP header injection response splitting vulnerability because it fails to properly sanitize user input before using it as an HTTP header value via the GET 'camefrom' parameter in the login instance. This type of attack not only allows a malicious user to control the...

Kallithea 0.2.9 HTTP Response Splitting

Kallithea 0.2.9 camefrom HTTP Response Splitting Vulnerability Vendor: Kallithea Product web page: https://www.kallithea-scm.org Version affected: 0.2.9 and 0.2.2 Summary: Kallithea, a member project of Software Freedom Conservancy, is a GPLv3'd, Free Software source code management system that...

Kallithea 0.2.9 - 'came_from' HTTP Response Splitting

Kallithea 0.2.9 camefrom HTTP Response Splitting Vulnerability Vendor: Kallithea Product web page: https://www.kallithea-scm.org Version affected: 0.2.9 and 0.2.2 Summary: Kallithea, a member project of Software Freedom Conservancy, is a GPLv3'd, Free Software source code management system that...

SnoopServlet Cross Site Scripting

SnoopServlet simply echos back the request line and the headers that were sent by the client, plus any HTTPS information. Search Google for: j2ee/servlet/snoopservlet to find a lot of vuln sites. PoC:...