3706 matches found
CVE-2016-4793
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...
CVE-2016-6484
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf...
CVE-2016-6603
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header...
CVE-2016-6603
CVE-2016-6603 affects ZOHO WebNMS Framework 5.2 and 5.2 SP1. The vulnerability allows remote attackers to bypass authentication and impersonate arbitrary users by sending a manipulated UserName HTTP header, enabling session hijacking via the GetChallengeServlet in WebNMS. Multiple connected sourc...
[SECURITY] [DLA 761-1] python-bottle security update
Package : python-bottle Version : 0.10.11-1+deb7u2 CVE ID : CVE-2016-9964 Debian Bug : 848392 It was discovered that bottle, a WSGI-framework for the Python programming language, did not properly filter "\r\n" sequences when handling redirections. This allowed an attacker to perform CRLF attacks...
ASP.NET Core 5-RC1 HTTP Header Injection Vulnerability
ASP.NET Core version 5-RC1 suffers from an HTTP header injection vulnerability. Product: ASP.NET Core Vendor: Microsoft https://www.microsoft.com CSNC ID: CSNC-2016-006 Subject: HTTP Header Injection Risk: Medium Effect: HTTP Header manipulation Author: Reto Schadler Date:...
ASP.NET Core 5-RC1 HTTP Header Injection
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: ASP.NET Core Vendor: Microsoft https://www.microsoft.com CSNC ID: CSNC-2016-006 Subject: HTTP Header Injection Risk: Medium Effect: HTTP Header manipulation Author: Reto Schadler Dat...
Debian DSA-3743-1 : python-bottle - security update
It was discovered that bottle, a WSGI framework for the Python programming language, did not properly filter '\r\n' sequences when handling redirections. This allowed an attacker to perform CRLF attacks such as HTTP header injection...
[SECURITY] [DSA 3743-1] python-bottle security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3743-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 20, 2016 https://www.debian.org/security/faq -...
DSA-3743-1 python-bottle - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3743-1)
The remote host is missing an update for the Debian...
CVE-2015-3271
Apache Tika server aka tika-server in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header...
LocalTapiola: Reflected XSS on sankarikoulutus (viestinta.lahitapiola.fi)
Basic report information Summary: Hi, The ctx parameter in http://viestinta.lahitapiola.fi/webApp/sankarikoulutus can be exploited to perform an XSS attack. Description: When a user clicks on a map area, the following POST request is generated: POST / HTTP/1.1 Host: viestinta.lahitapiola.fi...
Denial Of Service (DoS)
netty-codec-http is vulnerable to denial of service (DoS) attacks because it does not enforce the limit on maximum HTTP header size: control characters are skipped indefinitely, so parsing never terminates...
GLSA-201612-13 : nghttp2: Denial of Service
The remote host is affected by the vulnerability described in GLSA-201612-13 nghttp2: Denial of Service Nghttpd, nghttp, and libnghttp2asio applications do not limit the memory usage for the incoming HTTP header field. If a peer sends a specially crafted HTTP/2 HEADERS frame and CONTINUATION fram...
Open-Xchange: Web Browser XSS Protection Not Enabled
Web Browser XSS Protection is not enabled, or is disabled by the configuration of the 'X-XSS-Protection' HTTP response header on the web server http://www.dovecot.fi/s=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Csystem.ini&submit=Search...
Code injection
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak...