lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 22 Dec 2006 08:26:12 +0000
From: "putosoft softputo" <>
Subject: Re: Oracle Portal 10g HTTP Response Splitting

>From: "Brian Eaton" <>
>To: "putosoft softputo" <>
>Subject: Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting
>Date: Wed, 20 Dec 2006 13:55:09 -0500
>On 12/20/06, putosoft softputo <> wrote:
>>Oracle Portal/Applications HTTP Response Splitting
>So they let the URL specify the content-encoding?  They might be
>vulnerable to XSS via UTF-7 as well.

Yeah, it is.

Moda para esta temporada. Ponte al día de todas las tendencias.

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists