
3707 matches found

NVD
added 2018/08/28 5:29 p.m., 15 views

CVE-2018-15839

D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header...

CVSS 9.8 | AI score 9.7 | EPSS 0.68835
Exploits: 4 | References: 2

Prion
added 2018/08/28 5:29 p.m., 9 views

Buffer overflow

D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header...

CVSS 7.5 | AI score 9.7 | EPSS 0.68835
Exploits: 4 | References: 2

CVE
added 2018/08/28 5:0 p.m., 69 views

CVE-2018-15839

D-Link DIR-615 is affected by CVE-2018-15839: a buffer overflow can be triggered by a long Authorization HTTP header (or session cookie) in the device, enabling a denial of service effect that logs the router out and disrupts network connectivity. Exploit demonstrations describe injecting a long ...

CVSS 9.8 | AI score 9.7 | EPSS 0.68835
Exploits: 4 | References: 2 | Affected Software: 1

Kitploit
added 2018/08/27 1:2 p.m., 41 views

BillCipher - Information Gathering Tool For A Website Or IP Address

Information Gathering tool for a Website or IP address, use some ideas from Devploit. BillCipher can work in any operating system if they have and support Python 2, Python 3, and Ruby. Features DNS Lookup Whois Lookup GeoIP Lookup Subnet Lookup Port Scanner Page Links Zone Transfer HTTP Header Ho...

AI score 7
Exploits: 0 | References: 2

Prion
added 2018/08/23 10:29 p.m., 20 views

Design/Logic Flaw

An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages...

CVSS 5 | AI score 8.7 | EPSS 0.00639
Exploits: 2 | References: 1 | Affected Software: 1

NVD
added 2018/08/23 10:29 p.m., 22 views

CVE-2018-3911

An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages...

CVSS 8.6 | AI score 8.7 | EPSS 0.00639
Exploits: 2 | References: 1

Cvelist
added 2018/08/23 10:0 p.m., 27 views

CVE-2018-3911

An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages...

CVSS 8.6 | AI score 8.7 | EPSS 0.00639
Exploits: 2 | References: 1

CVE
added 2018/08/23 10:0 p.m., 67 views

CVE-2018-3911

CVE-2018-3911 affects Samsung SmartThings Hub STH-ETH-250 (firmware 0.20.17). The hubCore process listens on port 39500 and forwards unauthenticated JSON to remote SmartThings servers, which mishandle JSON and can inject CRLF into HTTP requests sent to the internal video-core HTTP server. This en...

CVSS 8.6 | AI score 8.6 | EPSS 0.00639
Exploits: 2 | References: 1 | Affected Software: 1

NVD
added 2018/08/15 5:29 p.m., 17 views

CVE-2018-15172

TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header...

CVSS 7.5 | AI score 7.8 | EPSS 0.101
Exploits: 4 | References: 2

Prion
added 2018/08/15 5:29 p.m., 15 views

Buffer overflow

TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header...

CVSS 5 | AI score 7.8 | EPSS 0.101
Exploits: 4 | References: 2 | Affected Software: 1

Cvelist
added 2018/08/15 5:0 p.m., 18 views

CVE-2018-15172

TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header...

AI score 7.8 | EPSS 0.101
Exploits: 4 | References: 2

CVE
added 2018/08/15 5:0 p.m., 62 views

CVE-2018-15172

CVE-2018-15172 affects TP-Link WR840N devices, where a buffer overflow can be triggered by a long Authorization HTTP header. The vulnerability is documented as a buffer overflow leading to potential denial of service on the WR840N; PoC/exploit activity exists (e.g., via sending an abnormally long...

CVSS 7.5 | AI score 7.8 | EPSS 0.101
Exploits: 4 | References: 2 | Affected Software: 1

Prion
added 2018/08/14 12:29 p.m., 32 views

Crlf injection

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 Affected...

CVSS 4.3 | AI score 7.1 | EPSS 0.59605
Exploits: 0 | References: 24 | Affected Software: 1

Tenable Nessus
added 2018/08/09 12:0 a.m., 91 views

Drupal 8.x < 8.5.6 Symfony Risky HTTP Header Restriction Bypass Vulnerability (SA-CORE-2018-005)

According to its self-reported version, the instance of Drupal running on the remote web server is 8.x prior to 8.5.6. It is, therefore, affected by a restriction bypass vulnerability in the embedded Symfony library. Note that Nessus has not tested for these issues but has instead relied only on...

CVSS 6.5 | AI score 7.5 | EPSS 0.16652
Exploits: 0 | References: 4

OpenVAS
added 2018/08/07 12:0 a.m., 59 views

PHP 7.x < 7.0.27, 7.1.x < 7.1.13, 7.2.0 Unspecified Vulnerability - Linux

PHP is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

CVSS 7.5 | AI score 7.8 | EPSS 0.00594
Exploits: 1 | References: 1

OSV
added 2018/08/03 1:29 p.m., 0 views

UBUNTU-CVE-2018-14884

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call...

CVSS 7.5 | AI score 7.1 | EPSS 0.00594
Exploits: 1 | References: 3

seebug.org
added 2018/07/30 12:0 a.m., 564 views

Samsung SmartThings Hub hubCore Port 39500 HTTP Header Injection Vulnerability (CVE-2018-3911)

Summary An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controll...

AI score 0.5 | EPSS 0.00639
Exploits: 2

Github Security Blog
added 2018/07/23 7:51 p.m., 26 views

HTTP header injection in Plone and Zope2

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character...

CVSS 6.4 | AI score 5.3 | EPSS 0.00821
Exploits: 0 | References: 12 | Affected Software: 2

OSV
added 2018/07/23 7:51 p.m., 14 views

GHSA-77HV-8796-8CCP HTTP header injection in Plone and Zope2

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character...

CVSS 8.7 | AI score 6.1 | EPSS 0.00821
Exploits: 0 | References: 12

IBM Security Bulletins
added 2018/07/02 12:8 p.m., 36 views

Security Bulletin: Denial of Service attack possible on Cúram instances using Apache Commons FileUpload (CVE-2014-0050)

Summary A version of Apache Commons FileUpload shipped with Cúram is vulnerable to a denial of service attack. Vulnerability Details CVEID: CVE-2014-0050 DESCRIPTION: Apache Commons FileUpload is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for...

CVSS 7.5 | AI score 0.4 | EPSS 0.9265
Exploits: 8 | Affected Software: 1