2483 matches found
CVE-2019-11921
The CVE-2019-11921 issue affects Facebook Proxygen prior to version 2019.07.22.00, where an out-of-bounds write can be triggered by a specially crafted network packet due to improper Base64 handling when parsing malformed binary content in Structured HTTP Headers. Affected components are within P...
CVE-2019-11921
An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers. This issue affects versions of proxygen prior to v2019.07.22.00...
CVE-2019-6631
On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs...
Rustbuster - DirBuster For Rust
DirBuster for Rust. Usage: there are three modules currently implemented:
1. Dirbuster (default): rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php
2. Dnsbuster: rustbuster -m dns -u google.com -w examples/wordlist
3. Vhostbuster: rustbuster -m vhost -u http://localhost:3000/ -w...
A vulnerability in the HttpFoundation component of the Symfony framework, caused by improper handling of HTTP headers, allows attackers to compromise the integrity of protected data.
The vulnerability in Symfony's HttpFoundation component stems from its support for the IIS rewrite headers, which lets any client override the URL path through the X-Original-URL or X-Rewrite-URL request headers. Exploiting this vulnerability enables an attacker to compromise the integrity o...
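The override described above is dangerous when something in front of the application (a reverse proxy ACL, a WAF rule) makes its decision on the real request path while the application routes on the header-supplied one. The following added example is not Symfony code; it models that split with a constructed WSGI-style environ, a hypothetical edge ACL that denies /admin, a vulnerable resolver that honours the override headers from any client, and two mitigations (opt-in trust, and stripping the headers at the edge):

```python
# Constructed WSGI-style environ (not from the advisory): the edge saw a
# request for "/" but the client also sent an X-Original-URL header.
OVERRIDE_HEADERS = ("HTTP_X_ORIGINAL_URL", "HTTP_X_REWRITE_URL")

def sample_environ(with_override: bool) -> dict:
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "QUERY_STRING": ""}
    if with_override:
        environ["HTTP_X_ORIGINAL_URL"] = "/admin/users?delete=1"
    return environ

def resolve_path_vulnerable(environ: dict) -> str:
    """Pattern the advisory describes: honour the IIS rewrite headers from any
    client, so the routed path can differ from the one the edge checked."""
    for header in OVERRIDE_HEADERS:
        if header in environ:
            return environ[header].split("?", 1)[0]
    return environ["PATH_INFO"]

def resolve_path_safe(environ: dict, trust_override_headers: bool = False) -> str:
    """Only honour the override when the deployment explicitly opts in because
    a trusted rewrite module in front of the app sets these headers."""
    if trust_override_headers:
        return resolve_path_vulnerable(environ)
    return environ["PATH_INFO"]

def strip_override_headers(environ: dict) -> dict:
    """Edge-side mitigation: drop client-supplied override headers before the
    request reaches the application."""
    return {k: v for k, v in environ.items() if k not in OVERRIDE_HEADERS}

def edge_allows(environ: dict) -> bool:
    """Hypothetical upstream ACL that denies /admin based on the real path."""
    return not environ["PATH_INFO"].startswith("/admin")

def dispatch(environ: dict, resolver) -> str:
    """Simulate the front controller: edge ACL first, then route on the path
    the application believes it received."""
    if not edge_allows(environ):
        return "403"
    return "admin-page" if resolver(environ).startswith("/admin") else "public-page"

if __name__ == "__main__":
    env = sample_environ(with_override=True)
    print("vulnerable:", dispatch(env, resolve_path_vulnerable))  # admin-page
    print("safe:      ", dispatch(env, resolve_path_safe))        # public-page
    print("stripped:  ", dispatch(strip_override_headers(env), resolve_path_vulnerable))
```

The edge ACL passes the request because PATH_INFO is "/", yet the vulnerable resolver routes it to /admin/users. Either mitigation alone closes the gap; in practice do both, since a framework upgrade and a proxy rule fail independently.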
Amazon Linux 2 : mod_auth_mellon (ALAS-2019-1200)
A vulnerability was found in a previous version of mod_auth_mellon. An open redirect in the logout URL allows targets that begin with backslashes to pass through, because the module assumes they are relative URLs, while browsers silently convert the backslash characters into forward slashes and treat the result as an absolute...
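The check that fails here is a server-side "is this URL relative?" test that does not account for browsers rewriting "\" to "/". The following added example is not mod_auth_mellon's code; it shows the naive check against a hardened one over constructed redirect targets, using Python's urlsplit() as the parser that, like many others, treats backslashes as ordinary path characters:

```python
from urllib.parse import urlsplit

# Constructed sample redirect targets (not taken from the advisory). The third
# and fourth are the interesting ones: a server-side "relative URL" check
# accepts them, but a browser rewrites '\' to '/' and navigates off-site.
SAMPLE_TARGETS = [
    "/account",                     # genuinely relative
    "https://evil.example/phish",   # absolute, obviously external
    "/\\evil.example/phish",        # looks relative, browser sees //evil.example/phish
    "\\\\evil.example",             # looks relative, browser sees //evil.example
    "//evil.example",               # protocol-relative, external
]

def naive_is_relative(url: str) -> bool:
    """Vulnerable pattern: accept anything urlsplit() parses without a scheme
    or host. Backslashes are not URL delimiters to urlsplit(), so
    '/\\evil.example' comes back as a plain path and passes."""
    parts = urlsplit(url)
    return not parts.scheme and not parts.netloc

def safe_is_relative(url: str) -> bool:
    """Hardened check: first normalise '\\' to '/' the way browsers do, then
    require exactly one leading '/', no scheme and no authority component."""
    normalized = url.replace("\\", "/")
    parts = urlsplit(normalized)
    if parts.scheme or parts.netloc:
        return False
    return normalized.startswith("/") and not normalized.startswith("//")

def choose_logout_redirect(requested: str, fallback: str = "/") -> str:
    """Return the requested post-logout target only if it stays on this host;
    otherwise fall back to a known-safe local path."""
    return requested if safe_is_relative(requested) else fallback

if __name__ == "__main__":
    for target in SAMPLE_TARGETS:
        print(f"{target!r:32} naive={naive_is_relative(target)!s:5} "
              f"safe={safe_is_relative(target)!s:5} -> {choose_logout_redirect(target)}")
```

Note that the hardened check normalises before parsing; parsing first and then rejecting backslashes would also work, but normalising mirrors what the browser will do and so catches any other parser disagreement of the same shape.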
Authentication Bypass
mod_auth_mellon is vulnerable to authentication bypass. Remote unauthenticated attackers could bypass the authentication mechanism via HTTP headers that are normally used to start the special SAML ECP...
CVE-2019-5494
OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...
Amazon Linux AMI : mod24_auth_mellon (ALAS-2019-1200)
A vulnerability was found in mod_auth_mellon. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users with the "require valid-user" directive, adding special HTTP headers that are normally used to start the special SAML ECP non-browser based...
Command Injection
The Snoopy library is vulnerable to command injection. This allows remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers, which may lead to data modification...
CRLF Injection
Jenkins is vulnerable to CRLF injection. A remote attacker is able to inject arbitrary HTTP headers or perform HTTP response splitting attacks to steal users' session tokens, perform unwanted actions on behalf of the user, or phish users...
Access Restriction Bypass
The Conga project is a management system for remote workstations. It consists of luci, which is a secure web-based front end, and ricci, which is a secure daemon that dispatches incoming messages to underlying management modules. It was discovered that Plone, included as a part of luci, did not...
A vulnerability in the register_hooks() function of the mod_auth_mellon module for the Apache HTTP Server allows attackers to bypass authentication and circumvent existing access control mechanisms.
The vulnerability in the register_hooks() function of mod_auth_mellon for the Apache HTTP Server stems from the possibility of bypassing authentication by initiating a special SAML ECP flow. Exploiting this vulnerability allows a malicious actor to circumvent existing access control mechanisms by using...
A vulnerability in the Action View component of the Ruby on Rails framework allows an attacker to cause a denial of service.
The vulnerability in the Action View component of the Ruby on Rails framework stems from errors in processing HTTP headers such as "Accept". Exploiting this vulnerability can allow an attacker to cause service interruptions...
Carriage Return Line Feed (CRLF) Injection
urllib3 is vulnerable to Carriage Return Line Feed (CRLF) injection. It is possible because urllib3 does not escape CRLF characters injected into the request parameter, allowing an attacker who controls that parameter to manipulate the HTTP headers...
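Both the Jenkins and urllib3 entries above are the same defect in opposite directions: untrusted text containing CR/LF reaches the wire as a line terminator, so the attacker gets to write their own header (or response) lines. The following added example is neither Jenkins nor urllib3 code; it builds a raw HTTP request from a caller-supplied path with a deliberately vulnerable builder, parses the result the way a server would to show the smuggled header, and contrasts it with a builder that rejects any component containing CR or LF. The path and host values are constructed for the demonstration:

```python
import re

# Any CR or LF inside a request-line or header component is a line boundary
# on the wire, so it must never come from untrusted input.
CRLF = re.compile(r"[\r\n]")

def build_request(method: str, path: str, headers: dict) -> bytes:
    """Vulnerable builder: interpolates the caller-supplied path straight into
    the request line without rejecting control characters."""
    lines = [f"{method} {path} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")

def build_request_safe(method: str, path: str, headers: dict) -> bytes:
    """Hardened builder: refuse any component containing CR or LF before it
    can become a line terminator on the wire."""
    components = [method, path, *headers.keys(), *map(str, headers.values())]
    for component in components:
        if CRLF.search(component):
            raise ValueError(f"CR/LF not allowed in request component: {component!r}")
    return build_request(method, path, headers)

def parse_request_headers(raw: bytes) -> dict:
    """Minimal view of what a server sees: split the head on CRLF and return
    the header lines that follow the request line."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    _request_line, *header_lines = head.split(b"\r\n")
    parsed = {}
    for line in header_lines:
        name, _, value = line.partition(b":")
        parsed[name.strip().decode("latin-1")] = value.strip().decode("latin-1")
    return parsed

def injection_succeeds(path: str) -> bool:
    """True if the vulnerable builder lets the path smuggle in a header."""
    raw = build_request("GET", path, {"Host": "app.example"})
    return "X-Injected" in parse_request_headers(raw)

def injection_rejected(path: str) -> bool:
    """True if the hardened builder refuses the same path."""
    try:
        build_request_safe("GET", path, {"Host": "app.example"})
    except ValueError:
        return True
    return False

# Constructed attacker-controlled value (not from either advisory): it closes
# the request line early, adds a header, and opens a dummy header that
# swallows the " HTTP/1.1" the builder appends.
EVIL_PATH = "/search?q=x HTTP/1.1\r\nX-Injected: 1\r\nX-Dummy: "

if __name__ == "__main__":
    print(build_request("GET", EVIL_PATH, {"Host": "app.example"}))
    print("vulnerable builder smuggles header:", injection_succeeds(EVIL_PATH))
    print("hardened builder rejects it:       ", injection_rejected(EVIL_PATH))
```

The same rule applies on the response side (the Jenkins case): a header value derived from a request parameter must be rejected, or at minimum have CR and LF stripped, before it is written into a response header, since URL-encoding does nothing once the value has already been decoded.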
The Ping is the Thing: Popular HTML5 Feature Used to Trick Chinese Mobile Users into Joining Latest DDoS Attack
DDoS attacks have always been a major threat to network infrastructure and web applications. Attackers are always creating new ways to exploit legitimate services for malicious purposes, forcing us to constantly research DDoS attacks in our CDN to build advanced mitigations. We recently...
WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass
WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass #!/usr/bin/env node const request = require("request") /* Exploit Title: Limit Login Attempts Reloaded by WPChef rate limiter bypass Date: 2019-04-08 Exploit Author: isdampe Software Link:...
WordPress Limit Login Attempts Reloaded 2.7.4 Bypass
#!/usr/bin/env node const request = require("request") /* Exploit Title: Limit Login Attempts Reloaded by WPChef rate limiter bypass Date: 2019-04-08 Exploit Author: isdampe Software Link: https://wordpress.org/plugins/limit-login-attempts-reloaded Version: 2.7.4 Tested on: WordPress 5.1.1 Descriptio...
WordPress Limit Login Attempts Reloaded 2.7.4 Bypass Exploit
WordPress Limit Login Attempts Reloaded plugin version 2.7.4 suffers from a login limit bypass vulnerability. #!/usr/bin/env node const request = require("request") /* Exploit Title: Limit Login Attempts Reloaded by WPChef rate limiter bypass Date: 2019-04-08 Exploit Author: isdampe Software Link:...