Lucene search
K

88 matches found

NVD
NVD
added 2023/03/09 11:15 p.m.17 views

CVE-2022-3767

Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host...

7.7CVSS7.6AI score0.00746EPSS
Exploits1References2
OSV
OSV
added 2023/03/09 11:15 p.m.3 views

UBUNTU-CVE-2022-3767

Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host...

7.7CVSS5.8AI score0.00746EPSS
Exploits1References2
NVD
NVD
added 2023/03/09 8:15 p.m.27 views

CVE-2022-4317

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects...

6.1CVSS5.2AI score0.00541EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/09 12:0 a.m.7 views

GitLab 输入验证错误漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab versions 1.47 through prior to 3.0.5...

6.1CVSS6.3AI score0.00541EPSS
Exploits1References4
CVE
CVE
added 2023/03/09 12:0 a.m.76 views

CVE-2022-3767

GitLab CVE-2022-3767 affects the DAST analyzer in GitLab where missing validation allows custom request headers to be sent with every request, regardless of host, for all versions 1.11.0 up to 3.0.31. The impact includes potential exposure of sensitive data (confidentiality impact) as indicated b...

7.7CVSS6.2AI score0.00746EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/09 12:0 a.m.2 views

PT-2023-13546 · Unknown · Dast Analyzer

Name of the Vulnerable Software and Affected Versions: DAST analyzer versions 1.11.0 through 3.0.32 Description: The issue is related to missing validation in the DAST analyzer, which allows custom request headers to be sent with every request, regardless of the host. This affects all versions fr...

7.7CVSS7.5AI score0.00746EPSS
Exploits1References10
OSV
OSV
added 2023/03/09 12:0 a.m.25 views

CVE-2022-4317

An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects...

5CVSS6.3AI score0.00541EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.5 views

SUSE CVE-2009-2816

The implementation of Cross-Origin Resource Sharing CORS in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to...

6.8CVSS6.3AI score0.01553EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.3 views

SUSE CVE-2020-15693

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...

6.5CVSS6.6AI score0.02048EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/11/04 12:0 a.m.4 views

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from a security vulnerability that stems from a lack of...

7.7CVSS6.9AI score0.00746EPSS
Exploits1References4
Kitploit
Kitploit
added 2022/06/12 9:30 p.m.46 views

DOMDig - DOM XSS Scanner For Single Page Applications

DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications SPA recursively. Unlike other scanners, DOMDig can crawl any webapplication including gmail by keeping track of DOM modifications and XHR/fetch/websocket requests and it can simulate a...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2021/10/09 11:30 a.m.14 views

AF-ShellHunter - Auto Shell Lookup

AF-ShellHunter: Auto shell lookup AF-ShellHunter its a script designed to automate the search of WebShell's in AF Team How to pip3 install -r requirements.txt python3 shellhunter.py --help Basic Usage You can run shellhunter in two modes --url -u When scanning a single url --file -f Scanning...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2021/08/11 9:30 p.m.256 views

Wsh - Web Shell Generator And Command Line Interface

wsh pronounced woosh is a web shell generator and command line interface. This started off as just an http client since interacting with webshells is a pain. There's a form, to send a command you have to type in an input box and press a button. I wanted something that fits into my workflow better...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2020/05/14 12:30 p.m.133 views

DalFox (Finder Of XSS) - Parameter Analysis And XSS Scanning Tool Based On Golang

Finder Of XSS, and Dal is the Korean pronunciation of moon. What is DalFox Just, XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it as a new project. The...

6.9AI score
Exploits0References4
Prion
Prion
added 2019/12/23 3:15 a.m.34 views

Double free

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations...

7.5CVSS9.3AI score0.04218EPSS
Exploits0References7Affected Software4
OSV
OSV
added 2018/02/06 6:25 a.m.11 views

MGASA-2018-0110 Updated curl packages fix security vulnerability

It was reported that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. When accessed, the data is read out of bounds and causes either a crash or that the too large data gets passed to the libcurl callback. This might lead to a...

9.1CVSS8.7AI score0.04556EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/01/29 12:0 a.m.39 views

FreeBSD : cURL -- Multiple vulnerabilities (0cbf0fa6-dcb7-469c-b87a-f94cffd94583)

The cURL project reports : libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X...

9.8CVSS7AI score0.08031EPSS
Exploits0References3
Prion
Prion
added 2018/01/24 10:29 p.m.31 views

Authentication flaw

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is...

5CVSS7.7AI score0.08031EPSS
Exploits0References14Affected Software14
OSV
OSV
added 2018/01/24 10:29 p.m.35 views

CVE-2018-1000007

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is...

9.8CVSS9.7AI score0.08031EPSS
Exploits0References14
OSV
OSV
added 2018/01/24 10:29 p.m.1 views

DEBIAN-CVE-2018-1000007

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is...

9.8CVSS7.4AI score0.08031EPSS
Exploits0References1
Rows per page
Query Builder