CVE-2023-26280

IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control...

CVE-2023-26280 IBM Jazz Foundation improper access control

IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control...

CVE-2023-26280 IBM Jazz Foundation improper access control

IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control...

CVE-2023-26280

The CVE-2023-26280 issue affects IBM Jazz Foundation 7.0.2 and 7.0.3, where improper access control could let a user change their dashboard via a specially crafted HTTP request. The root cause is access-control weakness in the dashboard feature, with a CVSSv3.1 base score of 5.3 (Network, Low att...

CVE-2024-11234

A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...

CVE-2024-11234

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

DEBIAN-CVE-2024-11234

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

AZL-53613 CVE-2024-11234 affecting package php for versions less than 8.1.31-1

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVE-2024-11234

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVE-2024-11234

The CVE-2024-11234 entry concerns HTTP request smuggling via PHP streams when a proxy is configured and the request_fulluri option is used. Affected PHP versions are 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14. The vulnerability arises from improper URI sanitization in strea...

CVE-2024-11234 Configuring a proxy in a stream context might allow for CRLF injection in URIs

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVE-2024-11234 Configuring a proxy in a stream context might allow for CRLF injection in URIs

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVE-2024-11234

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVE-2024-11234

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVE-2024-11618

A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack can be launched remotely. The explo...

CVE-2024-11618

Affects IPC Unigy Management System 04.03.00.08.0027; vulnerability in the HTTP Request Handler leading to server-side request forgery (SSRF). Exploitation can be remote and public details exist. The CVE describes a critical issue; multiple sources confirm remote exploitation with an exposed expl...

CVE-2024-11618 IPC Unigy Management System HTTP Request server-side request forgery

A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack can be launched remotely. The explo...

CVE-2024-11618 IPC Unigy Management System HTTP Request server-side request forgery

A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack can be launched remotely. The explo...

HTTP Request Smuggling

aiohttp is vulnerable to HTTP Request Smuggling. The vulnerability is due to incorrect parsing of newlines in chunk extensions via the feeddata function by which an attacker can bypass firewall or proxy protections by sending specially crafted requests...

Exploit for CVE-2024-9441

CVE-2024-9441-POC CVE-2024-9441 is a command injection vulner...