PT-2020-9397 · Unknown · Rainloop Webmail

Name of the Vulnerable Software and Affected Versions: RainLoop Webmail versions prior to 1.13.0 Description: The issue lacks XSS protection mechanisms, including xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. Recommendations: For versions prior to...

EulerOS Virtualization 3.0.2.2 : wget (EulerOS-SA-2020-1281)

According to the version of the wget package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A CRLF injection flaw was found in the way wget handled URLs. A remote attacker could use this flaw to inject arbitrary HTTP headers in...

ICSA-20-072-01_ABB eSOMS

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: eSOMS Vulnerabilities: Use of Web Browser Cache Containing Sensitive Information, Improper Restriction of Rendered UI Layers or Frames, Improper Neutralization of HTTP Headers for...

Microsoft IIS Server Tampering Vulnerability

A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients. To exploit the...

Extended-XSS-Search - Scans For Different Types Of XSS On A List Of URLs

This is the extended version based on the initial idea already published as "xssfinder". This private version allows an attacker to perform not only GET but also POST requests. Additionally its possible to proxy every request through Burp or another tunnel. First steps Rename the...

Extended-SSRF-Search - Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get...

This tool search for SSRF using predefined settings in different parts of a request path, host, headers, post and get parameters. First step Rename example.app-settings.conf to app-settings.conf and adjust settings. The most important setting is the callback url. I recommend to use burp...

SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2020:0455-1)

This update for nodejs10 fixes the following issues : nodejs10 was updated to version 10.19.0. Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. CVE-2019-15605: Fixed an HTTP request...

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2020:0454-1)

This update for nodejs8 fixes the following issues : Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...

CVE-2020-1935

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...

HTTP Request Smuggling

tomcat-coyote is vulnerable to HTTP request smuggling. The vulnerability exists as the HTTP headers are improper parsed in Http11Processor...

Honeywell WIN-PAK

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Honeywell Equipment: WIN-PAK Vulnerabilities: Cross-site Request Forgery, Improper Neutralization of HTTP Headers for Scripting Syntax, Use of Obsolete Function 2. RISK EVALUATION Successful exploitation of these...

Spoofing

In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled...

Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0)

Summary The VMware Carbon Black Threat Analysis Unit TAU previously released a blog post documenting the Winnti version 4.0 malware. The new command and control C2 protocol that was implemented in one of the 4.0 samples was completely different from the existing understanding of the 3.0 protocol...

Debian: Security Advisory (DLA-2110-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2110-1] netty-3.9 security update

Package : netty-3.9 Version : 3.9.0.Final-1+deb8u1 CVE ID : CVE-2014-0193 CVE-2014-3488 CVE-2019-16869 CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 Debian Bug : 746639 941266 950966 950967 Several vulnerabilities were discovered in Netty, a Java NIO client/server socket framework: CVE-2014-0193...

Security Bulletin: Vulnerability in Netty affects IBM Netcool Agile Service Manager

Summary A vulnerability in Netty used by IBM Netcool Agile Service Manager has been identified. IBM classes the vulnerability as unexploitable. However, Netcool Agile Service Manager has addressed the CVE. Vulnerability Details CVEID: CVE-2019-16869 DESCRIPTION: Netty before 4.1.42.Final mishandl...

Security Bulletin: A vulnerability have been identified in Netty shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2019-16869)

Summary Netty is a dependency component shipped with the IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library for Message Bus Integration. Information about security vulnerabilities affecting Netty has been published. CVE-2019-16869 Vulnerability Details CVEID: CVE-2019-16869...

Denial Of Service

@hapi/subtext and @hapi/accept are vulnerable to denial of service DoS. The vulnerabilities in Content-Encoding HTTP header parser and Accept-Encoding HTTP header parser result in unhandled exceptions and shut-down of services if invalid values are present in the headers...

HackerOne: 404-response contains debug-information with all headers

Summary: When requesting a page that does not exist under www.hackerone.com the page returns a hidden HTML-element debugData that reflects all headers in the GET-request, including http-only cookies. Description: This in itself is not a serious vulnerablity, but as the program description mention...

CVE-2015-5741

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...