3696 matches found
CVE-2020-15938
When traffic other than HTTP/S (e.g. SSH traffic) traverses the FortiGate in versions below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header...
CVE-2020-15768
An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This...
CVE-2020-26163
BigBlueButton Greenlight before 2.5.6 allows HTTP header Host and Origin attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link...
CVE-2014-9575
VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in the Authorization HTTP header...
CVE-2018-16118
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the "X-Forwarded-for" HTTP header...
CVE-2019-18873
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload...
CVE-2019-6631
On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs...
CVE-2019-19000
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP headers have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information...
CVE-2019-18657
ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function...
CVE-2019-14458
VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header...
CVE-2019-14457
VIVOTEK IP Camera devices with firmware before 0x20x have a stack-based buffer overflow via a crafted HTTP header...
CVE-2019-13169
Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device...
CVE-2019-12131
An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USERID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected...
CVE-2018-16979
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943...
CVE-2019-10892
An issue was discovered in D-Link DIR-806 devices. There is a stack-based buffer overflow in function hnap_main at /htdocs/cgibin. The function will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users. And it finally leads to a...
CVE-2017-14037
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability...
CVE-2017-14194
The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer...
CVE-2017-14195
The callmsg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer...
CVE-2012-3829
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header...
CVE-2017-1000247
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header common function under Apache resulting in HTTP Header Injection flaws...