35 matches found
The vulnerability of the Node.js software platform is related to an error in handling HTTP headers, which allows attackers to trigger a service failure.
The vulnerability of the Node.js software platform is related to an error in handling HTTP header names. Exploiting this vulnerability can allow a remote attacker to cause service failures...
USN-4213-1 squid, squid3 vulnerabilities
Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. CVE-2019-12523 Jeriko One...
OPENSUSE-SU-2019:2522-1 Security update for go1.12
This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling bsc1152082. - CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys bsc1154402. Non-security issue fixed:...
SUSE-SU-2019:2940-1 Security update for go1.12
This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling bsc1152082. - CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys bsc1154402. Non-security issue fixed:...
PT-2019-3170 · Cisco · Cisco Firepower Services Software For Asa +2
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense Software affected versions not specified Cisco FirePOWER Services Software for ASA affected versions not specified Cisco Firepower Management Center Software affected versions not specified Description: The issu...
CVE-2017-1000059
Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users...
CVE-2017-1000059
Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users...
Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability
Cisco FireSIGHT System Software is the United States Cisco Cisco company's set of management center software, which supports the centralized management of the use of FirePOWER Services Cisco ASA and Cisco FirePOWER network security appliances network security and operational functions of the...
LogicalDoc Document Managment System CE: source code security analysis report
Several vulnerabilities were discovered in LogicalDOC 'LogicalDoc Document Managment System CE' software: Утечка пользовательских данных между сессиями Использование XSL трансформации для исполнения произвольного кода Отсутствие верификации цифровой подписи исполняемых файлов, полученных из...
IBM WebSphere Application Server 7.0 < Fix Pack 35 Multiple Vulnerabilities
The remote host is running a version of IBM WebSphere Application Server 7.0 prior to Fix Pack 35. It is, therefore, affected by the following vulnerabilities : - Multiple errors exist related to the included IBM HTTP server that could allow remote code execution or denial of service...
MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution
This module exploits the MiniUPnP 1.0 SOAP stack buffer overflow vulnerability present in the SOAPAction HTTP header handling. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MiniUPnPd 1.0 Stac...
FireFly Mediaserver 1.0.0.1359 NULL Pointer Dereference
FireFly Mediaserver version 1.0.0.1359 suffers from a denial of service vulnerability that can be triggered by a NULL pointer dereference. Product: FireFly Mediaserver Vendor: FireFly Vulnerable Versions: 1.0.0.1359 and probably prior Tested Version: 1.0.0.1359 in Windows 7 SP1 Vendor Notificatio...
Weborf 'get_param_value()' Function HTTP Header Handling Denial Of Service Vulnerability
Weborf is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users. Versions prior to Weborf 0.12.5 are vulnerable. OpenVAS Vulnerability Test $Id: gbweborf46054.nasl 7015 2017-08-28 11:51:24Z teissa...
Novell iPrint Client < 5.56 Multiple Vulnerabilities
The version of Novell iPrint Client installed on the remote host is earlier than 5.56. Such versions are reportedly affected by one or more of the following vulnerabilities that can allow for arbitrary code execution : - The iPrint ActiveX control fails to sanitize input to the 'GetDriverSettings...
Web Server HTTP Header Handling Remote Overflow
It was possible to kill the web server by sending an invalid request with a long header name or value. A remote attacker may exploit this vulnerability to make the web server crash continually or even execute arbitrary code. C Tenable Network Security, Inc. include"compat.inc"; if description...