CVE-2020-26234

Opencast versions before 8.9 and 7.9 disable HTTPS hostname verification in its HTTP client, enabling potential MITM attacks. Root cause: hostname verification was disabled for a large portion of HTTP requests. Affected component/file: Opencast HTTP client. Impact: confidentiality/integrity conce...

DEBIAN-CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

EulerOS 2.0 SP2 : python (EulerOS-SA-2020-2388)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker...

Memory exhaustion in http4s-async-http-client with large or malicious compressed responses

Impact A server we connect to with http4s-async-http-client could theoretically respond with a large or malicious compressed stream and exhaust memory in the client JVM. It does not affect http4s servers, other client backends, or clients that speak only to trusted servers. This is related to a...

GHSA-8HXH-R6F7-JF45 Memory exhaustion in http4s-async-http-client with large or malicious compressed responses

Impact A server we connect to with http4s-async-http-client could theoretically respond with a large or malicious compressed stream and exhaust memory in the client JVM. It does not affect http4s servers, other client backends, or clients that speak only to trusted servers. This is related to a...

DEBIAN-CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

Crlf injection

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

D-Link Central WiFi Manager CWM(100) RCE

This module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM100 versions below v1.03R0100BETA6. The vulnerability exists in the username cookie, which is passed to eval without being sanitized. Dangerous functions are not disabled by default, which makes it possible ...

UBUNTU-CVE-2020-15693

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...

CVE-2020-15693

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...

UBUNTU-CVE-2020-15694

In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get.contentLength does not raise any error if a malicious server provides a negative Content-Length...

Inductive Automation Ignition - Remote Code Execution

This Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA... This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Inductive Automation Ignition...

[SECURITY] Fedora 31 Update: python-httplib2-0.18.1-3.fc31

A comprehensive HTTP client library that supports many features left out of other HTTP libraries...

Fedora: Security Advisory for python-httplib2 (FEDORA-2020-37779a5c93)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for python-httplib2 (FEDORA-2020-a7a15a9687)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Design/Logic Flaw

An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but i...

CVE-2020-14930

An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but i...

Cayin CMS NTP Server 11.0 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cayin CMS NTP Server RCE', 'Description' = %q This module exploits an authenticated RCE in Cayin CMS MSFLICENSE, 'Author' = 'h00die', msf module...