Chrome Logger Information Disclosure
Chrome Logger is a Google Chrome extension used to debug server-side applications in the Chrome console. By installing the extension in their Chrome browser and a server-side library on their application, developers can retrieve the configured debug information directly in Chrome. As Chrome Logge...
CVE-2023-3140
Missing HTTP headers X-Frame-Options, Content-Security-Policy in KNIME Business Hub before 1.4.0 has left users vulnerable to clickjacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...
Design/Logic Flaw
Missing HTTP headers X-Frame-Options, Content-Security-Policy in KNIME Business Hub before 1.4.0 has left users vulnerable to clickjacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...
CVE-2023-3140
CVE-2023-3140 affects KNIME Business Hub prior to 1.4.0. The root cause is a missing HTTP security header set (X-Frame-Options and Content-Security-Policy), enabling clickjacking where an attacker can embed the app in a malicious page and trick users into actions on the original site. Impact deta...
CVE-2023-3140 KNIME Hub Web Application is vulnerable to clickjacking
Missing HTTP headers X-Frame-Options, Content-Security-Policy in KNIME Business Hub before 1.4.0 has left users vulnerable to clickjacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a...
Fixed in Apache Tomcat 10.1.9
Important: Information disclosure CVE-2023-34981 The fix for bug 66512 introduced a regression that was fixed as bug 66591. The regression meant that, if a response did not have any HTTP headers set, no AJP SENDHEADERS message would be sent which in turn meant that at least one AJP based proxy...
EulerOS 2.0 SP10 : haproxy (EulerOS-SA-2023-1954)
According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka 'request...
CVE-2023-1207
This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability...
SQL injection
This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability...
CVE-2023-1207
CVE-2023-1207 affects the HTTP Headers WordPress plugin, prior to version 1.18.8. The import feature can execute arbitrary SQL on the server, causing an SQL Injection vulnerability. Public sources (NVD/Red Hat/Patchstack) confirm the issue and indicate a patch: update to 1.18.8 or later to mitiga...
CVE-2023-1207 HTTP Headers < 1.18.8 - Admin+ SQL Injection
This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability...
WordPress plugin HTTP Headers SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
EulerOS 2.0 SP9 : haproxy (EulerOS-SA-2023-1845)
According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka 'request...
Fixed in Apache Tomcat 9.0.75
Important: Information disclosure CVE-2023-34981 The fix for bug 66512 introduced a regression that was fixed as bug 66591. The regression meant that, if a response did not have any HTTP headers set, no AJP SENDHEADERS message would be sent which in turn meant that at least one AJP based proxy...
K000133759: Python vulnerability CVE-2020-26116
Security Advisory Description http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of...
EulerOS Virtualization 3.0.2.0 : grub2 (EulerOS-SA-2023-1722)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to...
File Thingie 2.5.7 - Remote Code Execution (RCE)
#!/usr/bin/python Exploit Title: File Thingie 2.5.7 - Arbitrary File Upload to RCE Google Dork: N/A Date: 27th of April, 2023 Exploit Author: Maurice Fielenbach grimlockx - Hexastrike Cybersecurity UG haftungsbeschränkt Software Link: https://github.com/leefish/filethingie Version: 2.5.7 Tested on:...
Denial Of Service (DoS)
traefik is vulnerable to Denial of Service (DoS). The vulnerability exists when parsing HTTP headers, which could allocate substantially more memory than required, causing an application crash...