1634 matches found
CVE-2020-26116
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...
D-Link Central WiFi Manager CWM(100) RCE
This module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM100 versions below v1.03R0100BETA6. The vulnerability exists in the username cookie, which is passed to eval without being sanitized. Dangerous functions are not disabled by default, which makes it possible ...
CVE-2020-15693
In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...
UBUNTU-CVE-2020-15693
In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...
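The two CRLF-injection entries above (http.client in CVE-2020-26116, Nim httpClient in CVE-2020-15693) share one root cause: an attacker-influenced string is pasted into the request line without checking it for CR/LF. The following is an added example, not code from CPython, Nim or any of the advisories. It simulates the unvalidating request-line build (using the same `method target version` format http.client uses), shows what the server would parse, adds RFC 7230 token validation, and probes the running interpreter's own http.client to see whether it carries the fix. EVIL_METHOD and the URLs are constructed.

```python
"""CRLF injection via HTTP request-line components, and the checks that stop it.

Added example for the http.client (CVE-2020-26116) and Nim httpClient
(CVE-2020-15693) entries; not code from CPython, Nim or the advisories.
The unpatched behaviour is simulated rather than run on an old interpreter.
"""
import http.client
import re

# RFC 7230 "token": the only characters a method name may contain.
_TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# Control characters, space and DEL must never appear in the request-target.
_BAD_TARGET_RE = re.compile(r"[\x00-\x20\x7f]")

# Constructed attacker-controlled method: completes one request, adds a
# header, then supplies a fresh method so the client's own " / HTTP/1.1"
# lands on a syntactically valid second request line.
EVIL_METHOD = "GET /health HTTP/1.1\r\nX-Smuggled: yes\r\nGET"


def build_request_line(method, target, version="HTTP/1.1"):
    """Assemble the request line the way an unvalidating client does.
    Returns the bytes that would go on the wire."""
    return "{} {} {}\r\n".format(method, target, version).encode("latin-1")


def split_into_lines(wire):
    """What the server parses: CRLF-separated lines. A clean request yields one
    line; any CRLF inside method or target yields extra header/request lines."""
    return [line for line in wire.split(b"\r\n") if line]


def validate_method(method):
    """Reject anything that is not an RFC 7230 token (stricter than the
    CPython fix, which rejects only bytes 0x00-0x1f)."""
    if not _TOKEN_RE.match(method):
        raise ValueError("invalid HTTP method {!r}".format(method))
    return method


def validate_target(target):
    """Reject control characters, space and DEL in the request-target."""
    if _BAD_TARGET_RE.search(target):
        raise ValueError("control character in request target {!r}".format(target))
    return target


def safe_request_line(method, target, version="HTTP/1.1"):
    """Hardened builder: validate both attacker-influenceable parts first."""
    return build_request_line(validate_method(method), validate_target(target), version)


def is_rejected(method, target="/"):
    """True if the hardened builder refuses this method/target pair."""
    try:
        safe_request_line(method, target)
    except ValueError:
        return True
    return False


def stdlib_rejects_method(method):
    """Probe this interpreter's own http.client. putrequest() only buffers the
    request line, so no socket is opened. True means this Python refuses the
    method (fixed in 3.5.10 / 3.6.12 / 3.7.9 / 3.8.5 per CVE-2020-26116);
    False means it would have sent the injected bytes."""
    conn = http.client.HTTPConnection("example.invalid")
    try:
        conn.putrequest(method, "/")
    except ValueError:
        return True
    finally:
        conn.close()
    return False


if __name__ == "__main__":
    for line in split_into_lines(build_request_line(EVIL_METHOD, "/")):
        print(line)
    print("hardened builder rejects:", is_rejected(EVIL_METHOD))
    print("this Python's http.client rejects:", stdlib_rejects_method(EVIL_METHOD))
```

The probe is the check worth keeping: run it under every interpreter your services ship with, since a still-unpatched 3.5-3.8 build will return False and silently emit the smuggled lines.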
UBUNTU-CVE-2020-15694
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get.contentLength does not raise any error if a malicious server provides a negative Content-Length...
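The CVE-2020-15694 entry describes the response-side counterpart: a client that converts Content-Length with a plain integer parse and then acts on the result. Below is an added example, not Nim's code, written in Python to show the concrete failure mode (a negative length handed to a file-like `read()` means "read to EOF") beside a parser that follows RFC 7230 section 3.3.2 (`Content-Length = 1*DIGIT`; repeated identical values may be merged, differing values are invalid). The header values, bodies and MAX_BODY cap are constructed for the example.

```python
"""Validating Content-Length before acting on it.

Added example for the CVE-2020-15694 entry; not Nim's code. All header values,
bodies and the MAX_BODY policy cap are constructed.
"""
import io
import re

_DIGITS_RE = re.compile(r"^[0-9]+$")
MAX_BODY = 8 * 1024 * 1024  # local policy cap, an assumption for this example


class BadContentLength(ValueError):
    pass


def make_stream(data):
    """Constructed stand-in for a response socket/file object."""
    return io.BytesIO(data)


def naive_read_body(content_length, stream):
    """Trusting pattern: int() accepts '-1', and file-like read(n) with a
    negative n means 'read to EOF', so a hostile header turns a bounded read
    into an unbounded one."""
    return stream.read(int(content_length))


def parse_content_length(value, limit=MAX_BODY):
    """Return the validated body length, or None when the header is absent.
    Raises BadContentLength on sign characters, whitespace inside digits,
    exponent notation, conflicting duplicates or values above `limit`."""
    if value is None:
        return None
    parts = [p.strip() for p in value.split(",")]
    if len(set(parts)) != 1:
        raise BadContentLength("conflicting Content-Length values: {!r}".format(value))
    digits = parts[0]
    if not _DIGITS_RE.match(digits):
        raise BadContentLength("Content-Length is not 1*DIGIT: {!r}".format(value))
    length = int(digits)
    if length > limit:
        raise BadContentLength("Content-Length {} exceeds limit {}".format(length, limit))
    return length


def checked_read_body(content_length, stream, limit=MAX_BODY):
    """Read exactly the advertised number of bytes; a short read is an error
    too, since a truncated body is another thing a hostile server can send."""
    length = parse_content_length(content_length, limit)
    if length is None:
        raise BadContentLength("no Content-Length; refusing to guess the framing")
    body = stream.read(length)
    if len(body) != length:
        raise BadContentLength("body truncated: got {} of {} bytes".format(len(body), length))
    return body


def rejects(value):
    """True if parse_content_length refuses the header value."""
    try:
        parse_content_length(value)
    except BadContentLength:
        return True
    return False


def read_fails(content_length, data):
    """True if checked_read_body refuses the header/body pair."""
    try:
        checked_read_body(content_length, make_stream(data))
    except BadContentLength:
        return True
    return False


if __name__ == "__main__":
    print(len(naive_read_body("-1", make_stream(b"A" * 1000))), "bytes read by the trusting parser")
    print("rejects -1:", rejects("-1"), " rejects '5, 5':", rejects("5, 5"), " rejects '5, 6':", rejects("5, 6"))
```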
Inductive Automation Ignition - Remote Code Execution
This Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA... (Metasploit module class 'Inductive Automation Ignition...'; requires Metasploit: https://metasploit.com/download; current source: https://github.com/rapid7/metasploit-framework)
[SECURITY] Fedora 31 Update: python-httplib2-0.18.1-3.fc31
A comprehensive HTTP client library that supports many features left out of other HTTP libraries...
Fedora: Security Advisory for python-httplib2 (FEDORA-2020-a7a15a9687)
The remote host is missing an update for the python-httplib2 package announced via the FEDORA-2020-a7a15a9687 advisory. (Greenbone Networks GmbH NVT, 2020; some text descriptions may be excerpted from referenced sources and are copyright of the respective right holders.)...
Fedora: Security Advisory for python-httplib2 (FEDORA-2020-37779a5c93)
The remote host is missing an update for the python-httplib2 package announced via the FEDORA-2020-37779a5c93 advisory. (Greenbone Networks GmbH NVT, 2020; some text descriptions may be excerpted from referenced sources and are copyright of the respective right holders.)...
Design/Logic Flaw
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but i...
CVE-2020-14930
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but i...
Cayin CMS NTP Server 11.0 Remote Code Execution
This module exploits an authenticated RCE in Cayin CMS... (Metasploit module 'Cayin CMS NTP Server RCE', author h00die, license MSF_LICENSE; requires Metasploit: https://metasploit.com/download; current source: https://github.com/rapid7/metasploit-framework)
[SECURITY] Fedora 32 Update: python-httplib2-0.18.1-3.fc32
A comprehensive HTTP client library that supports many features left out of other HTTP libraries...
Microsoft Actions Http-Client Information Disclosure Vulnerability
Actions Http-Client is a lightweight HTTP client from Microsoft (United States). An information disclosure vulnerability exists in the NPM package @actions/http-client in versions prior to 1.0.8. The vulnerability stems from a configuration or other error in the...
CVE-2020-11021
Actions Http-Client NPM @actions/http-client before version 1.0.8 can disclose Authorization headers to an incorrect domain in certain redirect scenarios. This happens if consumers of the http-client (1) make an HTTP request with an authorization header, (2) that request...
Authorization
Actions Http-Client NPM @actions/http-client before version 1.0.8 can disclose Authorization headers to an incorrect domain in certain redirect scenarios. This happens if consumers of the http-client (1) make an HTTP request with an authorization header, (2) that request...
CVE-2020-11021 HTTP request which redirect to another hostname do not strip authorization header in Actions Http-Client
Actions Http-Client NPM @actions/http-client before version 1.0.8 can disclose Authorization headers to an incorrect domain in certain redirect scenarios. This happens if consumers of the http-client (1) make an HTTP request with an authorization header, (2) that request...
CVE-2020-11021
CVE-2020-11021 (Actions Http-Client): The npm package @actions/http-client, prior to version 1.0.8, can disclose the Authorization header when a request carrying one is redirected (302) to a different domain. The issue arises during redirects across hosts, allowing header leakage...
GHSA-9W6V-M7WP-JWG4 Http request which redirect to another hostname do not strip authorization header in @actions/http-client
Impact: If consumers of the http-client (1) make an HTTP request with an authorization header, (2) that request leads to a 302 redirect, and (3) the redirect URL points to another domain or hostname, the authorization header will get passed to the other domain. Note that since this library is for...