2469 matches found
WordPress HTTP Headers Plugin < 1.18.8 is vulnerable to SQL Injection
Software HTTP Headers Type Plugin Vulnerable versions 1.18.8 Fixed in 1.18.8 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-1207 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID 4e6306d4524c Credits qerogramat Kakao Style Corp. Required privilege...
HTTP Headers < 1.18.8 - Admin+ SQL Injection
This plugin has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability. PoC 1. Create an SQL file with the following contents: UPDATE wpoptions SET optionvalue = "Hacked" WHERE optionname = "blogname" 2. As an admin user within WP Admin,...
HTTP Headers < 1.18.8 - Admin+ SQL Injection
This plugin has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability. 1. Create an SQL file with the following contents: UPDATE wpoptions SET optionvalue = "Hacked" WHERE optionname = "blogname" 2. As an admin user within WP Admin, navigate...
Denial Of Service (DoS)
github.com/golang/go is vulnerable to Denial of Service DoS attacks. Unusual patterns of input data cause the upcomingHeaderNewlines function to parse HTTP and MIME headers which allocates more memory than required, causing the application to crash via memory exhaustion...
CVE-2023-29013 HTTP header parsing could cause a deny of service
Traefik pronounced traffic is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This...
Containous Traefik 资源管理错误漏洞
Containous Traefik is a reverse proxy and load balancer from Containous Corporation. Containous Traefik suffers from a Resource Management Error vulnerability that occurs when GO allocates more memory when parsing HTTP headers than is required to save the parsed headers. An attacker could exploit...
haproxy: request smuggling attack in HTTP/1 header parsing
A flaw was found in HAProxy's headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypa...
GHSA-7HJ9-RV74-5G92 Traefik HTTP header parsing could cause a denial of service
Impact There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. References - CVE-2023-24534 Patches -...
Debian dla-3384 : libtomcat9-embed-java - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3384 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3384-1 [email protected]...
SUSE CVE-2023-24534
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than requir...
[SECURITY] [DLA 3384-1] tomcat9 security update
Debian LTS Advisory DLA-3384-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany April 05, 2023 https://wiki.debian.org/LTS Package : tomcat9 Version : 9.0.31-1deb10u8 CVE ID : CVE-2022-42252 CVE-2023-28708 Debian Bug : 1033475 Two security vulnerabilities have been...
Desktop Central 9.1.0 CRLF Injection / Server-Side Request Forgery
Exploit Title: Desktop Central 9.1.0 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Discovery Date: 2021-02-14 Software Link : http://www.desktopcentral.com Tested Version: 9.1.0 Build No: 91084 Tested on: Windows 10 Vulnerability Type: CRLF injection CRLF - 1 CVSS v3: 6.1 CVSS vector:...
Waf-Bypass - Check Your WAF Before An Attacker Does
WAF bypass Tool is an open source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker does. WAF Bypass Tool is developed by Nemesida WAF team with the participation of community. How to run I...
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2023-140)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-140 advisory. If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for...
CVE-2023-27569
The eotags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header...
CVE-2023-27569
The eotags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header...
CLSA-2023-1679349850 curl: Fix of CVE-2023-23916
CVE-2023-23916: fix HTTP multi-header compression denial of service - fix testing system by adding the nonewline option...
PT-2023-2258 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.270 through 2.393 Jenkins LTS versions 2.277.1 through 2.375.3 Description: The issue is related to errors in handling HTTP headers, which can allow a remote attacker to perform cross-site scripting XSS attacks. The...
CVE-2022-4550
The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing...
[SECURITY] Fedora 36 Update: haproxy-2.4.22-2.fc36
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...