2482 matches found
CVE-2014-6393
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding...
CVE-2017-1000099
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provided callback), which could lead to other private data from the heap to...
Authentication Hijack
openid/php-openid is vulnerable to authentication hijack. examples/consumer/common.php incorrectly checks the openid.realm parameter against the SERVERNAME element. This can be leveraged by attackers to hijack authentication through HTTP host headers...
AQUATONE - A Tool for Domain Flyovers
AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force approach. After subdomain discovery, AQUATONE can then scan the hosts for common web ports and...
Replay Attack
github.com/minio/minio is vulnerable to replay attacks. The attacks exist because it does not verify the date and time from the headers of HTTP requests...
GLSA-201706-16 : GNU Wget: Header injection
The remote host is affected by the vulnerability described in GLSA-201706-16 (GNU Wget: Header injection). It was discovered that there was a header injection vulnerability in GNU Wget which allowed remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a UR...
Forwarded HTTP Headers
cloudfoundry-identity-server is vulnerable to forwarded HTTP headers. There is an issue with forwarded HTTP headers in UAA that can result in an account being corrupted...
CVE-2017-4994
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release uaa-release 13.x versions prior to v13.16,...
Semrush: Cross-origin resource sharing misconfig | steal user information
Man, treat you another drink. Description: An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request...
Crlf injection
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATHINFO to sessionstart/...
McAfee Network Data Loss Prevention Clickjacking Vulnerability (CNVD-2017-07549)
McAfee Network Data Loss Prevention is a data leakage protection solution. McAfee Network Data Loss Prevention (NDLP) suffers from a clickjacking vulnerability in the server implementation, which can be exploited by remote attackers to inject arbitrary web script or HTML via the HTTP...
CVE-2017-4013
Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header...
CVE-2017-4011
Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request...
CVE-2017-4011
McAfee Network Data Loss Prevention (NDLP) 9.3.x is affected by a Cross‑Site Scripting (XSS) vulnerability in the server (notably via the User‑Agent header as per the nuclei template) that allowed remote attackers to view session/cookie data by modifying HTTP requests. Exploitation details are pr...
CVE-2017-6031
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution...
Blockwise Chosen-boundary Attacks
github.com/openshift/origin is vulnerable to blockwise chosen-boundary attacks aka the "BEAST" attack. It encrypts data by using CBC mode with chained initialization vectors which allows attackers to obtain plaintext HTTP headers through blockwise chosen-boundary attacks on HTTPS sessions. This...
Cookie Set For Parent Domain
HTTP by itself is a stateless protocol. Therefore the server is unable to determine which requests are performed by which client, and which clients are authenticated or unauthenticated. The use of HTTP cookies within the headers allows a web server to identify each individual client and can...
HackerOne: CRLF injection in info.hacker.one
Vulnerable URL: info.hacker.one. Vulnerability description: This script is possibly vulnerable to CRLF injection attacks. HTTP headers have the structure "Key: Value", where each line is separated by the CRLF combination. If the user input is injected into the value section without properly...
Debian DLA-869-1 : cgiemail security update
The cPanel Security Team discovered several security vulnerabilities in cgiemail, a CGI program used to create HTML forms for sending mails. CVE-2017-5613: A format string injection vulnerability allowed arbitrary format strings to be supplied to cgiemail and cgiecho. A local attacker with permissions...