Moxa AWK-3131A Web Application bkpath HTTP Header Injection Vulnerability

Summary An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the...

Serv-U FTP/MFT Server Unauthenticated Privilege Escalation

Details source: https://www.trustwave.com/Resources/SpiderLabs-Blog/Exploiting-Privilege-Escalation-in-Serv-U-by-SolarWinds/?page=1&year=0&month=0 I was recently working on an external network penetration test where I identified a new vulnerability in a file sharing web application called Serv-U ...

CVE-2017-0887

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the OC-Total-Length HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the...

SUSE-SU-2017:0914-1 Security update for ruby19

This update for ruby19 fixes the following issues: Security issue fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new'initialize' bsc1018808 Bugfixes: - fix small mistake in the backport for bsc986630 - HTTP Header injection in 'net/http' bsc986630 - make the testsuite...

Nextcloud: Server version/OS type disclosure via HTTP Response Header

1 Issued request below: GET / HTTP/1.1 Host: demo.nextcloud.com User-Agent: Mozilla/5.0 Windows NT 6.1; Win64; x64; rv:43.0 Gecko/20100101 Firefox/43.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: https://demo.nextcloud.com/hohoho/ Cookie:...

F5 BIG-IP - Node.js vulnerability CVE-2016-2216

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as...

Apache Struts 2 Jakarta Multipart Parser file upload command execution

Added: 03/16/2017 CVE: CVE-2017-5638 BID: 96729 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem The Jakarta...

CVE-2016-8024

Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing...

CVE-2017-1124

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference : 1998053...

Design/Logic Flaw

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference : 1998053...

CVE-2017-1124

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference : 1998053...

CVE-2017-1124

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference : 1998053...

CVE-2017-1124

CVE-2017-1124 affects IBM Maximo Asset Management core versions 7.6, 7.5 and 7.1 (and Maximo Asset Management Essentials) plus affected IBM Industry Solutions and Control Desk products when installed on a vulnerable core. Root cause: HTTP header injection enabling local information disclosure by ...

Evostream Media Server 1.7.1 (x64) - Denial of Service

Evostream Media Server 1.7.1 x64 - Denial of Service Exploit Title: Evostream Media Server 1.7.1 – Built-in Webserver DoS Date: 2017-03-07 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: https://evostream.com/software-downloads/ Version: 1.7.1 Tested on:...

CVE-2017-5615

cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location...

JVN#46830433: Multiple I-O DATA network camera products multiple vulnerabilities

Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. HTTP header injection CWE-113 - CVE-2017-2111 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2|...

Insecure Password Reset

securesocial is vulnerable to insecure password resets. These attacks are possible because an attacker can trigger securesocial to send a password-reset email to a user with with a malicious link included. By setting the "Host" HTTP header to a domain and sending a POST request to securesocial...

Ubiquiti Inc.: AirFibre products vulnerable to HTTP Header injection

The uri GET parameter of Login.cgi is directly used on login to generate HTTP headers without sanitisation. An user could be tricked into logging into the device and then redirected to a malicious location or attacked through other HTTP Header injection attacks. Vulnerable code: if isset$uri &&...

CVE-2016-6603

ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header...

CVE-2016-4793

The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...