
3707 matches found

Kitploit
added 2018/07/01 10:10 p.m. | 968 views

Devploit v3.6 - Information Gathering Tool

Devploit is a simple python script to Information Gathering. Download: git clone https://github.com/joker25000/Devploit How to use: cd Devploit chmod +x install ./install Run in Terminal Devploit To run in Android you do not install file Run direct python2 Devploit Properties: DNS Lookup Whois...

7.2 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2018/06/28 12:0 a.m. | 30 views

Debian DLA-1399-1 : ruby-passenger security update

Two flaws were discovered in ruby-passenger for Ruby Rails and Rack support that allowed attackers to spoof HTTP headers or exploit a race condition which made privilege escalation under certain conditions possible. CVE-2015-7519 Remote attackers could spoof headers passed to applications by usin...

7 CVSS | 6.5 AI score | 0.00361 EPSS
Exploits: 0 | References: 4

Debian
added 2018/06/27 7:39 p.m. | 21 views

[SECURITY] [DLA 1399-1] ruby-passenger security update

Package : ruby-passenger Version : 4.0.53-1+deb8u1 CVE ID : CVE-2015-7519 CVE-2018-12029 Debian Bug : 864651 Two flaws were discovered in ruby-passenger for Ruby Rails and Rack support that allowed attackers to spoof HTTP headers or exploit a race condition which made privilege escalation under...

7 CVSS | 6.4 AI score | 0.00361 EPSS
Exploits: 0

CVE
added 2018/06/24 11:0 p.m. | 51 views

CVE-2018-12706

DIGISOL DG-BR4000NG wireless router has a buffer overflow vulnerability in the web interface triggered by a long Authorization HTTP header. Connected sources describe exploitation PoCs that add excessive data after the Basic Authorization string, causing the router to restart and the web interfac...

9.8 CVSS | 9.4 AI score | 0.19133 EPSS
Exploits: 4 | References: 2 | Affected Software: 1

Cvelist
added 2018/06/24 11:0 p.m. | 17 views

CVE-2018-12706

DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header...

9.5 AI score | 0.19133 EPSS
Exploits: 4 | References: 2

Prion
added 2018/06/21 7:29 p.m. | 11 views

Design/Logic Flaw

Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values...

4.3 CVSS | 6.2 AI score | 0.0024 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2018/06/21 7:29 p.m. | 14 views

CVE-2018-7680

Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values...

6.1 CVSS | 6.3 AI score | 0.0024 EPSS
Exploits: 0 | References: 1

CVE
added 2018/06/21 7:0 p.m. | 45 views

CVE-2018-7680

The CVE-2018-7680 entry concerns Micro Focus Solutions Business Manager versions prior to 11.4, where the product can reflect back HTTP header values. This is supported by NVD data (reflect back HTTP header values) and CNVD/PRION/other entries referencing SBM pre-11.4. The connected documents do ...

6.1 CVSS | 6.2 AI score | 0.0024 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/06/21 7:0 p.m. | 15 views

CVE-2018-7680

Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values...

6.3 AI score | 0.0024 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2018/06/18 1:33 a.m. | 44 views

Security Bulletin: Vulnerabilities in Python affect PowerKVM

Summary PowerKVM is affected by five vulnerabilities in Python. These vulnerabilities are now fixed. Vulnerability Details Affecting both PowerKVM 3.1 and PowerKVM 2.1: CVEID: CVE-2016-0772 DESCRIPTION: Python's smtplib library is vulnerable to a stripping attack. An exception isn't returned by t...

6.5 CVSS | 0.9 AI score | 0.41714 EPSS
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 10:31 p.m. | 14 views

Security Bulletin: Vulnerability in Apache Cordova affects IBM Worklight, IBM Mobile Foundation and IBM MobileFirst Platform Foundation (CVE-2015-5204)

Summary Apache Cordova File Transfer Plugin for Android is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will all...

4.3 CVSS | 1.2 AI score | 0.01009 EPSS
Exploits: 0 | Affected Software: 3

IBM Security Bulletins
added 2018/06/17 3:39 p.m. | 145 views

Security Bulletin: OpenSource Python Vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2016-5699, CVE-2016-5636)

Summary Vulnerabilities in Open Source Python affect IBM Tivoli Application Dependency Discovery Manager Vulnerability Details CVEID: CVE-2016-5699 DESCRIPTION: urllib2 and urllib for Python are vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to...

10 CVSS | 0.4 AI score | 0.45123 EPSS
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 3:34 p.m. | 17 views

Security Bulletin: IBM Maximo Asset Management could allow a local attacker to obtain sensitive information using HTTP Header Injection (CVE-2017-1124)

Summary IBM Maximo Asset Management could allow a local attacker to obtain sensitive information using HTTP Header Injection. Vulnerability Details CVEID: CVE-2017-1124 DESCRIPTION: IBM Maximo Asset Management could allow a local attacker to obtain sensitive information using HTTP Header Injectio...

2.9 CVSS | 0.8 AI score | 0.00046 EPSS
Exploits: 0 | Affected Software: 14

IBM Security Bulletins
added 2018/06/16 9:48 p.m. | 49 views

Security Bulletin: IBM Security Access Manager is affected by vulnerabilities in Python (CVE-2016-0772, CVE-2016-5699, CVE-2016-1000110)

Summary Vulnerabilities have been identified in Python. IBM Security Access Manager appliances use Python and are affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0772 DESCRIPTION: Python's smtplib library is vulnerable to a stripping attack. An exception isn't returned by...

6.5 CVSS | 1.2 AI score | 0.41714 EPSS
Exploits: 6 | Affected Software: 1

Prion
added 2018/06/14 8:29 p.m. | 18 views

Design/Logic Flaw

An XXE issue was discovered in Automated Logic Corporation ALC WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via t...

5 CVSS | 7.4 AI score | 0.01463 EPSS
Exploits: 2 | References: 3 | Affected Software: 1

Packet Storm
added 2018/06/13 12:0 a.m. | 41 views

Eclipse Vert.x 3.5.1 HTTP Header Injection

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Vert.x 1 CSNC ID: CSNC-2018-021 Subject: HTTP Header Injection Risk: Medium Effect: Remotely exploitable Author: Lukasz D. [email protected] Date: 12.06.2018 Introduction: ------------- Eclipse...

0.3 AI score
Exploits: 0

Veracode
added 2018/06/07 3:34 p.m. | 21 views

Regular Expression Denial Of Service (ReDoS)

charset is vulnerable to regular expression denial of service ReDoS attacks. A malicious user can pass a string to the through the HTTP header to cause a ReDoS attack...

7.5 CVSS | 7.2 AI score | 0.00328 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Packet Storm
added 2018/06/05 12:0 a.m. | 47 views

Microsoft Open Redirect

Exploit Title: Open Redirect at Microsoft Date: 28.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.microsoft.com/ Software : Microsoft Service Website Software Version : 1.0.0 Vulnerability : Open Redirect CWE : CWE-601: URL Redirection to Untrusted Site 'Open Redirect'...

7.4 AI score
Exploits: 0

Debian
added 2018/05/30 1:24 p.m. | 69 views

[SECURITY] [DLA 1389-1] apache2 security update

Package : apache2 Version : 2.2.22-13+deb7u13 CVE ID : CVE-2017-15710 CVE-2018-1301 CVE-2018-1312 Debian Bug : Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,...

9.8 CVSS | 6.7 AI score | 0.13193 EPSS
Exploits: 0

Veracode
added 2018/05/25 3:57 a.m. | 7 views

HTTP Header Injection

excon is vulnerable to HTTP Header Injection through header splitting. The vulnerability exists as special newline characters such as \r\n could be used to split the HTTP header, allowing HTTP Header Injection attacks...

7 AI score
Exploits: 0