Lucene search

3707 matches found

OSV (added 2017/10/18 8:29 p.m.)

UBUNTU-CVE-2015-5740

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers...

CVSS 9.8 | AI score 6.8 | EPSS 0.04273 | Exploits 0 | References 3
NVD (added 2017/10/18 8:29 p.m.)

CVE-2015-5739

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."...

CVSS 9.8 | AI score 9.3 | EPSS 0.11884 | Exploits 0 | References 9
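
The two Go entries above are the same failure class seen twice: a header parser that tolerates ambiguous framing, so a front end and the Go back end can disagree about where one request ends and the next begins. What follows is an added example written for this page, not code from the Go project or from either advisory. It is a strict HTTP/1.1 header parser that rejects the two cases named here (a field-name containing a space such as "Content Length", and two Content-Length headers with different values) and, going beyond the advisories, also rejects obsolete line folding and a Content-Length sent together with Transfer-Encoding, the other classic smuggling pair. The sample requests are constructed, and example.test is a placeholder host.

```go
package main

import (
	"errors"
	"fmt"
	"net/textproto"
	"strings"
)

// Constructed sample requests (not captured traffic), one per ambiguity.
const (
	reqDupCL = "POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length: 4\r\nContent-Length: 44\r\n\r\nabcd"
	reqSpace = "POST /upload HTTP/1.1\r\nHost: example.test\r\nContent Length: 44\r\n\r\n"
	reqFold  = "POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length:\r\n 4\r\n\r\nabcd"
	reqTECL  = "POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"
	reqOK    = "POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length: 4\r\nContent-Length: 4\r\n\r\nabcd"
)

// isTokenChar reports whether c may appear in a header field-name (the
// "tchar" production of RFC 7230 section 3.2.6). Space is not a tchar, so
// "Content Length" is rejected outright instead of passing as an unknown header.
func isTokenChar(c byte) bool {
	if (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') {
		return true
	}
	return strings.IndexByte("!#$%&'*+-.^_`|~", c) >= 0
}

// ParseRequestHeaders parses the header block of a raw HTTP/1.1 request and
// returns the headers (canonical keys) and the body length: the Content-Length
// value, or -1 when the body is not length-delimited. Every case where two
// parsers could disagree is an error rather than a guess.
func ParseRequestHeaders(raw string) (map[string][]string, int64, error) {
	head, _, ok := strings.Cut(raw, "\r\n\r\n")
	if !ok {
		return nil, -1, errors.New("incomplete header block")
	}
	lines := strings.Split(head, "\r\n")
	if lines[0] == "" {
		return nil, -1, errors.New("missing request line")
	}
	hdr := make(map[string][]string)
	for _, line := range lines[1:] {
		if line == "" {
			return nil, -1, errors.New("empty line inside header block")
		}
		if line[0] == ' ' || line[0] == '\t' {
			return nil, -1, errors.New("obsolete line folding is not accepted")
		}
		name, value, found := strings.Cut(line, ":")
		if !found || name == "" {
			return nil, -1, fmt.Errorf("malformed header line %q", line)
		}
		for i := 0; i < len(name); i++ {
			if !isTokenChar(name[i]) {
				return nil, -1, fmt.Errorf("invalid character %q in field-name %q", name[i], name)
			}
		}
		key := textproto.CanonicalMIMEHeaderKey(name)
		hdr[key] = append(hdr[key], strings.Trim(value, " \t"))
	}

	cls := hdr["Content-Length"]
	if len(cls) == 0 {
		return hdr, -1, nil // chunked or no body; framing decided elsewhere
	}
	if _, hasTE := hdr["Transfer-Encoding"]; hasTE {
		// RFC 7230 section 3.3.3 lets a server reject this combination; do so.
		return nil, -1, errors.New("Content-Length and Transfer-Encoding both present")
	}
	for _, v := range cls[1:] {
		if v != cls[0] {
			return nil, -1, fmt.Errorf("conflicting Content-Length values %q", cls)
		}
	}
	n, err := parseDecimal(cls[0])
	if err != nil {
		return nil, -1, err
	}
	// Identical duplicates may be collapsed to one (RFC 7230 section 3.3.2).
	hdr["Content-Length"] = []string{cls[0]}
	return hdr, n, nil
}

// parseDecimal accepts only 1*DIGIT; strconv.ParseInt would also take a sign.
func parseDecimal(s string) (int64, error) {
	if s == "" {
		return 0, errors.New("empty Content-Length")
	}
	var n int64
	for i := 0; i < len(s); i++ {
		c := s[i]
		if c < '0' || c > '9' {
			return 0, fmt.Errorf("non-digit in Content-Length %q", s)
		}
		if n > (1<<62)/10 {
			return 0, errors.New("Content-Length too large")
		}
		n = n*10 + int64(c-'0')
	}
	return n, nil
}

func main() {
	for name, req := range map[string]string{"dup-cl": reqDupCL, "space-key": reqSpace, "fold": reqFold, "te+cl": reqTECL, "ok": reqOK} {
		_, n, err := ParseRequestHeaders(req)
		fmt.Printf("%-9s length=%d err=%v\n", name, n, err)
	}
}
```

The parser is deliberately stricter than the RFC allows a recipient to be in places (folding and the Transfer-Encoding conflict could be tolerated); the point of a smuggling fix is that every hop must make the same decision, and "reject" is the only decision that cannot be interpreted two ways.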
exploitpack (added 2017/10/18 12:00 a.m.)

Linksys E Series - Multiple Vulnerabilities

Linksys E Series - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Linksys E series, see "Vulnerable / tested versions" vulnerable version: see "Vulnerable /...

AI score 0.1 | Exploits 0
0day.today (added 2017/10/18 12:00 a.m.)

Linksys E Series - Multiple Vulnerabilities

Exploit for hardware platform in category web applications ======================================================================= title: Multiple vulnerabilities product: Linksys E series, see "Vulnerable / tested versions" vulnerable version: see "Vulnerable / tested versions" fixed version: no...

AI score 7.1 | Exploits 0
Exploit DB (added 2017/10/18 12:00 a.m.)

Linksys E Series - Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Linksys E series, see "Vulnerable / tested versions" vulnerable version: see "Vulnerable / tested versions" fixed version: no public fix...

AI score 7.4 | Exploits 0
NVD (added 2017/10/05 7:29 a.m.)

CVE-2017-12246

A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due...

CVSS 8.6 | AI score 8.6 | EPSS 0.03293 | Exploits 0 | References 3
Cvelist (added 2017/10/05 7:00 a.m.)

CVE-2017-12246

A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due...

AI score 8.6 | EPSS 0.03293 | Exploits 0 | References 3
Prion (added 2017/10/03 1:29 a.m.)

Cross site request forgery (CSRF)

Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided...

CVSS 6.8 | AI score 7 | EPSS 0.00206 | Exploits 0 | References 1 | Affected Software 1
OSV (added 2017/10/03 1:29 a.m.)

CVE-2016-6806

Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided...

CVSS 8.8 | AI score 6.8 | Exploits 0 | References 1
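
Both Wicket entries above describe the same gap: an origin check that only looks at Origin lets through any cross-origin request a browser happens to send without that header, because "no Origin" was treated as "same origin". The following is an added example for this page, not code from Apache Wicket, showing the corrected logic as a Go middleware: on state-changing methods, Origin is checked first, Referer is consulted when Origin is absent, and a request that carries neither is refused rather than trusted. The allowed-origin set, the request URL and the host names (app.example.test, evil.test) are placeholders.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Decision is the outcome of the origin check for one request.
type Decision int

const (
	Allowed             Decision = iota
	RejectedNoOrigin             // neither Origin nor Referer sent
	RejectedNullOrigin           // "Origin: null" (opaque origin, e.g. a sandboxed iframe)
	RejectedCrossOrigin          // sender is not one of our origins
	RejectedMalformed            // header value is not an absolute URL
)

func (d Decision) String() string {
	return [...]string{"allowed", "no-origin", "null-origin", "cross-origin", "malformed"}[d]
}

// CheckRequestOrigin applies the mitigation described above: a state-changing
// request must carry an Origin header matching one of our origins, and when
// the browser sends no Origin the Referer header is checked instead of letting
// the request through. In the CSRF threat model both headers are set by the
// victim's browser, not by the attacker's page, which is why they can decide.
func CheckRequestOrigin(r *http.Request, allowed map[string]bool) Decision {
	switch r.Method {
	case http.MethodGet, http.MethodHead, http.MethodOptions, http.MethodTrace:
		return Allowed // safe methods; state changes must not be reachable here
	}
	src := r.Header.Get("Origin")
	if src == "" {
		src = r.Header.Get("Referer")
	}
	switch src {
	case "":
		return RejectedNoOrigin
	case "null":
		return RejectedNullOrigin
	}
	origin, err := canonicalOrigin(src)
	if err != nil {
		return RejectedMalformed
	}
	if !allowed[origin] {
		return RejectedCrossOrigin
	}
	return Allowed
}

// canonicalOrigin reduces an Origin value or a full Referer URL to
// scheme://host[:port], lower-cased, with default ports dropped, so that
// "https://app.example.test:443/x" and "https://app.example.test" compare equal.
func canonicalOrigin(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return "", errors.New("not an absolute URL")
	}
	scheme := strings.ToLower(u.Scheme)
	host := strings.ToLower(u.Hostname())
	port := u.Port()
	if (scheme == "https" && port == "443") || (scheme == "http" && port == "80") {
		port = ""
	}
	if port != "" {
		host += ":" + port
	}
	return scheme + "://" + host, nil
}

// CSRFProtect wraps h and rejects anything that fails the origin check.
func CSRFProtect(allowed map[string]bool, h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if d := CheckRequestOrigin(r, allowed); d != Allowed {
			http.Error(w, "cross-origin request rejected: "+d.String(), http.StatusForbidden)
			return
		}
		h.ServeHTTP(w, r)
	})
}

// ConstructedRequest builds a request for demonstration; nothing here is captured traffic.
func ConstructedRequest(method, origin, referer string) *http.Request {
	req, _ := http.NewRequest(method, "https://app.example.test/account/delete", nil)
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	if referer != "" {
		req.Header.Set("Referer", referer)
	}
	return req
}

func main() {
	allowed := map[string]bool{"https://app.example.test": true}
	cases := []struct{ method, origin, referer string }{
		{"POST", "https://app.example.test", ""},
		{"POST", "", "https://app.example.test/settings"},
		{"POST", "", "https://evil.test/csrf.html"},
		{"POST", "null", ""},
		{"POST", "", ""},
		{"GET", "", ""},
	}
	for _, c := range cases {
		fmt.Printf("%-4s origin=%q referer=%q -> %v\n", c.method, c.origin, c.referer,
			CheckRequestOrigin(ConstructedRequest(c.method, c.origin, c.referer), allowed))
	}
}
```

The comparison is an exact match on the canonical origin, never a prefix match, so app.example.test.evil.test does not pass. Referer can be suppressed by the user or by a Referrer-Policy, which is why the fallback refuses a request with neither header instead of allowing it; that is the trade-off Wicket's fix makes too.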
Hacker One (added 2017/10/02 4:29 p.m.)

Radancy: [werkenbijmcdonalds.nl] Unsafe-inline in "script-src" results in "bootstrapping" or passing data to JavaScript from HTML pages.

Hi Dear Maximum Team, hope you are good! Vulnerability Summary: The HTTP header of the werkenbijmcdonalds.nl website includes an unsafe-inline parameter for "script-src". Impact: However, the "script-src" parameter is set to "unsafe-inline" or "unsafe-eval", which allows injection of user passed...

AI score 6.5 | Exploits 0
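
The report above turns on one CSP detail: an 'unsafe-inline' in script-src, or inherited from default-src when script-src is absent, makes the rest of the policy irrelevant against XSS. The following is an added example for this page, not code from the reporter or from Radancy, that parses a Content-Security-Policy value and flags exactly that, including the fallback to default-src and the case where a nonce or hash sits next to 'unsafe-inline' (browsers implementing CSP Level 2 or later then ignore the 'unsafe-inline', so a legacy policy can be stronger than it looks). The policies are constructed; cdn.example.test is a placeholder.

```go
package main

import (
	"fmt"
	"strings"
)

// ScriptFinding summarises what a policy's effective script-src allows.
type ScriptFinding struct {
	Source        string // directive the script policy came from: "script-src" or "default-src"
	Unrestricted  bool   // neither directive present, so any script runs
	UnsafeInline  bool   // 'unsafe-inline' present: inline <script> and event handlers run
	UnsafeEval    bool   // 'unsafe-eval' present: eval() and new Function() allowed
	InlineIgnored bool   // 'unsafe-inline' present alongside a nonce or hash; CSP Level 2+ browsers then ignore it
	Wildcard      bool   // '*' present
}

// ParseCSP splits a policy into directives. Directive names are
// case-insensitive, and when a directive is repeated the first occurrence
// wins and later ones are ignored, as the CSP specification requires.
func ParseCSP(policy string) map[string][]string {
	out := make(map[string][]string)
	for _, d := range strings.Split(policy, ";") {
		fields := strings.Fields(d)
		if len(fields) == 0 {
			continue
		}
		name := strings.ToLower(fields[0])
		if _, dup := out[name]; dup {
			continue
		}
		out[name] = fields[1:]
	}
	return out
}

// AuditScriptSrc reports the weaknesses in the effective script-src of a
// policy, applying the fallback rule that script-src inherits default-src
// when it is absent.
func AuditScriptSrc(policy string) ScriptFinding {
	p := ParseCSP(policy)
	f := ScriptFinding{Source: "script-src"}
	sources, ok := p["script-src"]
	if !ok {
		f.Source = "default-src"
		sources, ok = p["default-src"]
	}
	if !ok {
		return ScriptFinding{Unrestricted: true}
	}
	nonceOrHash := false
	for _, s := range sources {
		l := strings.ToLower(s)
		switch {
		case l == "'unsafe-inline'":
			f.UnsafeInline = true
		case l == "'unsafe-eval'":
			f.UnsafeEval = true
		case l == "*":
			f.Wildcard = true
		case strings.HasPrefix(l, "'nonce-"), strings.HasPrefix(l, "'sha256-"),
			strings.HasPrefix(l, "'sha384-"), strings.HasPrefix(l, "'sha512-"):
			nonceOrHash = true
		}
	}
	f.InlineIgnored = f.UnsafeInline && nonceOrHash
	return f
}

// Constructed policies (placeholder host names), not headers observed on any site.
const (
	WeakPolicy     = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.example.test"
	FixedPolicy    = "default-src 'self'; script-src 'self' 'nonce-d2VsbC1yYW5kb20' https://cdn.example.test"
	FallbackPolicy = "default-src 'self' 'unsafe-inline'"
	LegacyPolicy   = "script-src 'unsafe-inline' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='"
)

func main() {
	for _, p := range []string{WeakPolicy, FixedPolicy, FallbackPolicy, LegacyPolicy, "img-src 'self'"} {
		fmt.Printf("%+v\n    %s\n", AuditScriptSrc(p), p)
	}
}
```

The fixed policy keeps inline scripts working through a per-response nonce instead of 'unsafe-inline'; the nonce in FixedPolicy is a fixed placeholder, and a real one must be unpredictable and freshly generated for every response, otherwise it is 'unsafe-inline' with extra steps.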
OSV (added 2017/09/30 1:29 a.m.)

CVE-2017-14920

Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator...

CVSS 6.1 | AI score 5.9 | Exploits 0 | References 2
CVE (added 2017/09/29 7:00 a.m.)

CVE-2017-14920

CVE-2017-14920 describes a stored XSS in eGroupware Community Edition prior to 16.1.20170922. An unauthenticated remote attacker can inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator. The vulnerability affects eGroupware as des...

CVSS 6.1 | AI score 5.9 | EPSS 0.0122 | Exploits 0 | References 2 | Affected Software 1
Cvelist (added 2017/09/29 7:00 a.m.)

CVE-2017-14920

Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator...

AI score 6 | EPSS 0.0122 | Exploits 0 | References 2
seebug.org (added 2017/09/20 12:00 a.m.)

Moxa AWK-3131A Web Application bkpath HTTP Header Injection Vulnerability (CVE-2016-8720)

Summary: An exploitable HTTP header injection vulnerability exists in the web application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload via the bkpath parameter, which is copied into the Location header of the...

CVSS 4.3 | AI score 5.7 | EPSS 0.0118 | Exploits 2
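
The bug pattern above is a request parameter copied verbatim into a Location header. A CR LF pair in the value ends that header and lets the attacker append further headers or a body; even without CR LF, an unvalidated target is an open redirect. The following is an added example for this page, not code from Moxa or from the advisory, of the validation such an endpoint needs before the value reaches the header. Go's net/http server already replaces CR and LF in header values when it writes them, so the injection half is neutralised there, but the firmware in question is not Go, and the open-redirect half needs the check regardless. The handler, the bkpath query parameter and the host evil.test are placeholders.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// SafeRedirectTarget validates a client-supplied "return to" path (the role
// bkpath plays above) before it reaches a Location header. It refuses control
// characters, which header injection depends on; absolute URLs and
// protocol-relative "//host" forms, which turn the redirect into an open
// redirect; and the "/\host" spelling that some browsers normalise to "//host".
func SafeRedirectTarget(p string) (string, error) {
	if p == "" {
		return "/", nil
	}
	for i := 0; i < len(p); i++ {
		if c := p[i]; c < 0x20 || c == 0x7f {
			return "", fmt.Errorf("control character 0x%02x in redirect target", c)
		}
	}
	if !strings.HasPrefix(p, "/") || strings.HasPrefix(p, "//") || strings.HasPrefix(p, "/\\") {
		return "", errors.New("redirect target must be a site-relative path")
	}
	u, err := url.Parse(p)
	if err != nil || u.Scheme != "" || u.Host != "" || u.User != nil {
		return "", errors.New("redirect target is not a relative reference")
	}
	return u.String(), nil
}

// RedirectHandler is the hardened shape of the endpoint: the parameter is
// validated, then handed to http.Redirect, never written into the header raw.
func RedirectHandler(w http.ResponseWriter, r *http.Request) {
	target, err := SafeRedirectTarget(r.URL.Query().Get("bkpath"))
	if err != nil {
		http.Error(w, "bad redirect target", http.StatusBadRequest)
		return
	}
	http.Redirect(w, r, target, http.StatusFound)
}

// Probe sends a constructed request through the handler and returns the
// status code and Location header the client would have received.
func Probe(bkpath string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, "/?bkpath="+url.QueryEscape(bkpath), nil)
	rec := httptest.NewRecorder()
	RedirectHandler(rec, req)
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	for _, p := range []string{
		"/settings/backup",
		"/x\r\nSet-Cookie: session=attacker",
		"//evil.test/",
		"https://evil.test/",
	} {
		code, loc := Probe(p)
		fmt.Printf("%-40q -> %d Location=%q\n", p, code, loc)
	}
}
```

Rejecting with 400 rather than "cleaning" the value is deliberate: stripping CR LF and redirecting anyway still leaves the open redirect, and a percent-decoded variant the cleaner did not anticipate comes back later.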
Cvelist (added 2017/09/15 8:00 p.m.)

CVE-2014-9463

functions_vbseohook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php...

AI score 8.8 | EPSS 0.26637 | Exploits 3 | References 2
Citrix (added 2017/09/15 12:00 a.m.)

To delete two headers in HTTP Response

In certain cases we do not want to pass HTTP headers received from the server on to the end client. NetScaler can do this by deleting the header, using its Rewrite feature. Configuration: AppExpert > Rewrite. Step 1: To remove the HTTP header named "Server" CL...

AI score 7 | Exploits 0
CNVD (added 2017/09/14 12:00 a.m.)

Red Hat JBoss EAP HTTP Header Injection Vulnerability

Red Hat JBoss Enterprise Application Platform (EAP) is a set of open source, J2EE-based middleware from Red Hat (United States). The platform is mainly used to build, deploy and host Java applications and services. A security vulnerability exists in Red Hat JBoss EAP versions...

CVSS 7.5 | AI score 7 | EPSS 0.01074 | Exploits 0 | References 1
Node.js (added 2017/09/08 6:07 p.m.)

Regular Expression Denial of Service

Overview: Affected versions of tough-cookie are susceptible to a regular expression denial of service. The amplification of this vulnerability is relatively low: it takes around 2 seconds for the engine to execute on a malicious input 50,000 characters in length. If node was compiled usi...

CVSS 5 | AI score 3.7 | EPSS 0.03942 | Exploits 0 | Affected Software 1
NVD (added 2017/09/07 5:29 p.m.)

CVE-2017-14194

The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...

CVSS 6.1 | AI score 6 | EPSS 0.0024 | Exploits 0 | References 1
Prion (added 2017/09/07 5:29 p.m.)

Cross site scripting

The callmsg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer...

CVSS 4.3 | AI score 5.9 | EPSS 0.0024 | Exploits 0 | References 1 | Affected Software 1