3706 matches found
ownCloud: [doc.owncloud.org] CRLF Injection
PoC: http://doc.owncloud.org/%23%0dSet-Cookie:crlf=injection;domain=.owncloud.org; HTTP Response: HTTP/1.1 301 Moved Permanently\r\n Date: Wed, 27 Jul 2016 07:58:47 GMT\r\n Server: Apache\r\n Location: https://doc.owncloud.org/\r injection \r Set-Cookie:crlf=injection;domain=.owncloud.org;\r\n...
Late-night release: httpoxy remote proxy infection vulnerability analysis, updated with PoC - exploit warning - the black bar safety net
Author: cyg07@360 Information Security Department. A. Foreword: httpoxy is a newly disclosed vulnerability, present mainly in Apache and other components, in which the HTTP header field name "Proxy" is converted to "HTTP_PROXY" while its value is left unchanged and is then passed on to the corresponding C...
httpoxy remote proxy infection vulnerability
Vulnerability details and summary. A. Foreword: httpoxy is a newly disclosed vulnerability, present mainly in Apache and other components, in which the HTTP header field name "Proxy" is converted to "HTTP_PROXY" while its value is left unchanged and is then passed on to the corresponding CGI to...
SUSE-SU-2016:1818-1 Security update for apache2
This update for apache2 fixes the following issues: It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-5387). As a result, these server components would...
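The three httpoxy entries above describe the same mechanism from different angles: the gateway maps the client-supplied "Proxy" request header to the HTTP_PROXY meta-variable, and an HTTP client library running inside the CGI child reads that variable to choose an outbound proxy. The following is an added example, not code from any of the advisories listed, showing the naive mapping, the gateway-side fix (dropping the header, as the apache2 update does) and the client-side fix that CPython shipped in 2.7.12/3.5.2 (urllib ignores HTTP_PROXY whenever REQUEST_METHOD is set). The request headers and host names are constructed.

```python
"""Added example, not code from the listed advisories: how a CGI gateway's
header-to-environment mapping produces the httpoxy condition (CVE-2016-5387)
and how both ends were hardened.  Headers and host names are constructed."""
import os
import urllib.request
from unittest import mock


def cgi_environ(request_headers, method="GET"):
    """Naive RFC 3875 meta-variable mapping: each request header becomes
    HTTP_<UPPERCASED-NAME>.  A client-supplied 'Proxy:' header therefore
    lands in the CGI child's environment as HTTP_PROXY, which is also the
    variable many HTTP client libraries read to pick an outbound proxy."""
    env = {"REQUEST_METHOD": method}
    for name, value in request_headers:
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def hardened_cgi_environ(request_headers, method="GET"):
    """Gateway-side fix (what the apache2 update does): the 'Proxy' request
    header has no legitimate meaning, so it is dropped before the child's
    environment is built."""
    kept = [(n, v) for n, v in request_headers if n.lower() != "proxy"]
    return cgi_environ(kept, method)


def proxies_seen_by_child(env):
    """Run the standard library's proxy lookup inside an environment that
    contains only `env`.  clear=True drops the real process environment so
    the result does not depend on the machine this runs on."""
    with mock.patch.dict(os.environ, env, clear=True):
        return urllib.request.getproxies_environment()


# Constructed attacker request: the 'Proxy' header points the application's
# outbound HTTP traffic at a host the attacker controls.
ATTACK_HEADERS = [
    ("Host", "cgi.example.test"),
    ("Proxy", "http://attacker.example.test:8080"),
]


def demo():
    naive = cgi_environ(ATTACK_HEADERS)
    fixed = hardened_cgi_environ(ATTACK_HEADERS)
    return {
        "naive_env_has_http_proxy": "HTTP_PROXY" in naive,
        "hardened_env_has_http_proxy": "HTTP_PROXY" in fixed,
        # Client-side fix: since Python 2.7.12/3.5.2 getproxies_environment()
        # ignores HTTP_PROXY whenever REQUEST_METHOD is set (i.e. it is running
        # as a CGI child), so even the naive environment yields no proxy here.
        "python_client_proxy": proxies_seen_by_child(naive).get("http"),
        # A lower-case http_proxy set by the operator is still honoured.
        "operator_proxy": proxies_seen_by_child(
            dict(naive, http_proxy="http://corp-proxy.example.test:3128")
        ).get("http"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both fixes are needed in practice: the gateway fix protects client libraries that were never patched, and the client fix protects code behind gateways that were never updated. Note that the client-side rule keys on REQUEST_METHOD, which is set for every CGI invocation, so a lower-case http_proxy configured by the operator keeps working.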
Researchers Crack Furtim, SFG Malware Connection
New research is challenging what security researchers know about Furtim, a new malware strain that has been compared to Stuxnet because of its believed targeting of industrial controls in energy companies. According to security experts at Damballa, Furtim and the recently discovered SFG malware a...
PHP < 5.4.38, < 5.5.22, < 5.6.6 HTTP Header Content Injection XSS
Radancy: Application error message
Attack details: HTTP header input X-Forwarded-For was set to 12345'"'";|%00%0d%0a%bf%27'??? Error message found: Warning: inet_pton() [function.inet-pton]: Unrecognized address 12345'"\'\";|%00%0d%0a%00%bf%27' in...
CVE-2016-0400
Summary of this CVE (CVE-2016-0400) : IBM WebSphere eXtreme Scale (client) is vulnerable to an HTTP response splitting/CRLF injection due to improper validation of user-supplied input when processing crafted requests. The issue can allow an attacker to inject arbitrary HTTP headers via a crafted ...
FreeBSD : Python -- HTTP Header Injection in Python urllib (a61374fc-3a4d-11e6-a671-60a44ce6887b)
Guido Vranken reports: HTTP header injection in urllib2/urllib/httplib/http.client with newlines in header values, where newlines have the semantic consequence of denoting the start of an additional header line. (C) Tenable Network Security, Inc. The descriptive text and package...
Ruby HTTP Header Injection
TIMELINE: rootredrain submitted a report to Ruby. Jun 22nd: Hi, I would like to report an HTTP header injection vulnerability in 'net/http' that allows attackers to inject arbitrary headers into a request and even create a new evil request. PoC: require 'net/http' http =...
Design/Logic Flaw
Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network...
MGASA-2016-0230 Updated python packages fix security vulnerabilities
Updated python and python3 packages fix security vulnerabilities: - Heap overflow in zipimporter module (CVE-2016-5636). - HTTP header injection in urllib2/urllib/httplib/http.client (CVE-2016-5699). - smtplib StartTLS stripping attack (CVE-2016-0772)...
Python urllib HTTP header injection vulnerability - vulnerability warning - the black bar safety net
The Python urllib library (urllib2 in Python 2, urllib in Python 3) has an HTTP protocol stream injection vulnerability. If an attacker can cause Python code to access an arbitrary URL, or can get Python code to access a malicious web server, then this vulnerabilit...
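The ownCloud, Python urllib and Ruby net/http entries above are all the same defect in different places: a CR or LF that reaches a header value ends that header and starts a new one, on the request side (the client libraries) or on the response side (the redirector that echoed a decoded path into Location). The following is an added example, not code from any of the advisories listed, showing the pre-fix serialisation, the check that the Python (CVE-2016-5699) and Ruby fixes introduced, and that same check applied to a percent-decoded path before it is placed in a Location header. All messages, header values and host names are constructed; the path is modelled on the ownCloud PoC with the domain replaced.

```python
"""Added example, not code from the advisories listed above: how CR/LF in a
header value splits an HTTP message, the reject-don't-sanitise check that
the Python http.client and Ruby net/http fixes introduced, and the same check
applied server-side to a decoded redirect target.  All inputs are constructed."""
import re
from urllib.parse import unquote

# Any bare CR or LF inside a header value terminates the header on the wire
# and whatever follows is parsed as a new header line.
CRLF_RE = re.compile(r"[\r\n]")


def build_request_unsafe(method, path, headers):
    """Pre-fix client behaviour: header values are copied verbatim, so a value
    carrying '\\r\\n' becomes an extra header line."""
    lines = [f"{method} {path} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def is_safe_header_value(value):
    """The fix shipped by both Python's http.client and Ruby's net/http:
    refuse any value containing CR or LF rather than trying to strip them."""
    return CRLF_RE.search(value) is None


def build_request_safe(method, path, headers):
    """Post-fix client behaviour: validate every value before serialising."""
    for name, value in headers:
        if not is_safe_header_value(value):
            raise ValueError(f"refusing header {name!r}: value contains CR/LF")
    return build_request_unsafe(method, path, headers)


def parse_header_lines(raw):
    """Split a serialised message head into (name, value) pairs so the effect
    of an injected value is seen the way the receiving side sees it."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        pairs.append((name.strip(), value.strip()))
    return pairs


def redirect_location_is_safe(request_path):
    """Server side: a redirector that percent-decodes the request path before
    writing it into 'Location:' must check the *decoded* text, because %0d
    and %0a only become CR and LF after decoding."""
    return is_safe_header_value(unquote(request_path))


# Constructed inputs.
INJECTED_HEADERS = [
    ("Host", "target.example.test"),
    ("X-Token", "abc\r\nX-Injected: 1"),   # attacker-controlled value
]
# Modelled on the ownCloud PoC path, with the cookie domain replaced.
OWNCLOUD_STYLE_PATH = "/%23%0dSet-Cookie:crlf=injection;domain=.example.test;"


def demo():
    unsafe = build_request_unsafe("GET", "/", INJECTED_HEADERS)
    try:
        build_request_safe("GET", "/", INJECTED_HEADERS)
        safe_rejected = False
    except ValueError:
        safe_rejected = True
    return {
        "injected_header_on_wire": ("X-Injected", "1") in parse_header_lines(unsafe),
        "safe_builder_rejected": safe_rejected,
        "redirect_path_safe": redirect_location_is_safe(OWNCLOUD_STYLE_PATH),
        "benign_path_safe": redirect_location_is_safe("/docs/%7Euser/index.html"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check is deliberately a rejection, not a strip: removing CR/LF silently would let "Set-Cookie" text survive into a value where a downstream component might re-split it. Checking the decoded form matters on the server side because the raw request line of the PoC contains no control characters at all; they only appear once "%0d" is decoded.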
Security Advisory - Token Transmission in Plaintext Vulnerability in OceanStor Products
The OceanStor 5300 V3/5500 V3/5600 V3/5800 V3/6800 V3/18800 V3/18500 V3 are mid-range and high-end storage products newly developed by Huawei Technologies Co., Ltd. (Huawei for short). This series is ideal for processing existing storage applications and follows the future development trend of...
JVN#48847535: Trend Micro enterprise products multiple vulnerabilities
Multiple enterprise products provided by Trend Micro Incorporated contain the following vulnerabilities. Directory Traversal - CVE-2016-1223

| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Base Score: 4.3 |
| CVSS v2 | AV:A/AC:L/Au:N/C:P/I:N/A:N | Base Score: ... |
LogicalDoc Document Management System CE: source code security analysis report
Several vulnerabilities were discovered in LogicalDOC 'LogicalDoc Document Management System CE' software: leakage of user data between sessions; use of XSL transformation to execute arbitrary code; no verification of the digital signature of executable files obtained from...
Drupal 6.x < 6.38 Multiple Vulnerabilities (SA-CORE-2016-001) - Linux
Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:drupal:drupal"...
JVC XSS / CSRF / Header Injection / Weak Credentials
www.orwelllabs.com security advisory olsa-2016-04-01. Advisory Information: + Title: JVC Multiple Products Multiple Vulnerabilities + Vendor: JVC Professional Video + Research and Advisory: Orwelllabs + Advisory URL:...