HTTP Header Injection

net/textproto in github.com/golang/go is vulnerable to HTTP header injection attacks. These attacks are possible because it treats spaces as hyphens. This leaves net/textproto vulnerable to request smuggling...

Denial Of Service (DoS)

HAProxy is vulnerable to denial of service. Requests are not properly handled when the proxy had certain rules in its configuration that uses hdrip criterion. A remote attacker is able to crash the application using a malicious HTTP header with a certain value in the MAXHDRHISTORY variable...

Cross-site Scripting (XSS)

Python SimpleHTTPServer is vulnerable to cross-site scripting XSS. The listdirectory function in Lib/SimpleHTTPServer.py does not set a charset parameter in the Content-Type HTTP header, allowing an attacker to inject arbitrary Javascript through UTF-7 encoding into Internet Explorer 7 browser vi...

CVE-2018-16181

HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors...

CVE-2018-0689

HTTP header injection vulnerability in SEIKO EPSON printers and scanners DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to...

Design/Logic Flaw

HTTP header injection vulnerability in SEIKO EPSON printers and scanners DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to...

Design/Logic Flaw

HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors...

CVE-2018-0689

CVE-2018-0689 is an HTTP header injection vulnerability in SEIKO EPSON printers and scanners. Affected devices include multiple EPSON models with firmware versions released before set dates (e.g., DS‑570W, DS‑780N, EP‑10VA, EP‑30VA, EP‑707A, and many others listed in the sources). The underlying ...

CVE-2018-16181

HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors...

CVE-2018-0689

HTTP header injection vulnerability in SEIKO EPSON printers and scanners DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to...

CVE-2018-16181

Summary: CVE-2018-16181 is an HTTP header injection vulnerability in Digital Arts i-FILTER (Ver. 9.50R05 and earlier) that can enable remote attackers to inject headers and trigger HTTP response splitting, potentially causing arbitrary script execution or cookie manipulation. Affected software: i...

Webgalamb Information Disclosure / XSS / CSRF / SQL Injection

Summary ------- Vendor: E.N.S. Zrt www.ens.hu Product: Webgalamb www.webgalamb.hu, www.facebook.com/webgalamb Webgalamb is a commercial email marketing software for managing subscription lists and sending out bulk emails. It is not SaaS but a PHP based web application that is typically hosted nex...

CVE-2018-4012

An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bchttpreadheader incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightCloud serve...

CVE-2018-4012

An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bchttpreadheader incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightCloud serve...

Buffer overflow

An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bchttpreadheader incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightCloud serve...

CVE-2018-17193

The CVE-2018-17193 issue affects Apache NiFi where the message-page.jsp error page used the HTTP header X-ProxyContextPath without sanitization, enabling a reflected XSS attack. The root cause is unsanitized usage of the request attribute value in that page. The vulnerability is addressed in NiFi...

Kaspersky: Certificate warnings and similar UI elements in Web protection of Anti-Virus products family are susceptible to clickjacking

Summary Clickjacking can be used to trick users into overriding certificate warnings, disabling Safe Money functionality or phishing alerts. Description On certificate warning pages, a single click is sufficient to trigger overriding a wrong certificate. While an additional warning is displayed...

Information Disclosure

urllib3 is vulnerable to Information Disclosure. The library does not remove Authorization HTTP header during a cross-origin redirect, leading to the disclosure of credentials in the Authorization header...

CVE-2018-6703

Use After Free in Remote logging which is disabled by default in McAfee McAfee Agent MA 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service...

CVE-2018-6703 Remote Logging functionality had a use after free vulnerability in McAfee Agent

Use After Free in Remote logging which is disabled by default in McAfee McAfee Agent MA 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service...