3707 matches found
Denial Of Service (DoS)
undertow-core is vulnerable to denial of service DoS attacks. The application does not check if the HTTP header values it receives are null, allowing a malicious user to pass null header values to fill the heap and cause resource exhaustion...
DEBIAN-CVE-2017-10908
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...
MGASA-2017-0460 Updated java-1.8.0-openjdk packages fix security vulnerabilities
Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2017-10285, CVE-2017-10346 It was discovered that the Kerberos client implementation in the Libraries...
Design/Logic Flaw
Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon...
CVE-2017-17713
Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.1.0 (RHSA-2017:3455)
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3455 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Re...
eap: HTTP header injection / response splitting
It was reported that EAP 7 Application Server/Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.0 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
eap: HTTP header injection / response splitting
It was reported that EAP 7 Application Server/Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value...
OV3 Online Administration 3.0 Multiple Unauthenticated SQL Injection Vulnerabilities
Summary With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and high-performance applications. Whether you use the OV3 for your internal data management or use it for commercial business applications such as shops, portals, etc. Thanks...
Debian DLA-1187-1 : openjdk-7 security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in impersonation of Kerberos services, denial of service, unauthorized access, sandbox bypass or HTTP header injection. For Debian 7 'Wheezy', these problems have been fixed in versio...
[SECURITY] [DSA 4048-1] openjdk-7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4048-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 23, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1187-1] openjdk-7 security update
Package : openjdk-7 Version : 7u151-2.6.11-2deb7u2 CVE ID : CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 Several vulnerabilities hav...
Debian: Security Advisory (DSA-4048-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Python Meterpreter Shell, Reverse HTTPS Inline
Connect back to the attacker and spawn a Meterpreter shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include Msf::Payload::Python includ...
HTTP Header Injection
CodeIgniter framework is vulnerable to HTTP header injection attacks. These attacks are possible through the setstatusheader function...
Hacker Target: Sending Emails from DNSDumpster - Server-Side Request Forgery to Internal SMTP Access
| Summary: | | -- | HackerTarget is a service that provides access to online vulnerability scanners and tools used by many security professionals and “makes securing your systems easier”. They also are the creators of DNSDumpster which is a popular service used for recon. | Description: | | --|...
Design/Logic Flaw
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the setstatusheader common function under Apache resulting in HTTP Header Injection flaws...
CVE-2017-1000247
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the setstatusheader common function under Apache resulting in HTTP Header Injection flaws...
CVE-2017-1000247
CVE-2017-1000247 affects CodeIgniter 3.1.3 with an HTTP header injection vulnerability in set_status_header() under Apache. Root cause is injection via header handling in that function, leading to header manipulation. A patch is available in CodeIgniter 3.1.4 (see changelog link). If using 3.1.3,...