Lucene search
K

1634 matches found

Cvelist
Cvelist
added 2020/09/27 12:0 a.m.32 views

CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

8.5AI score0.0642EPSS
Exploits1References14
Metasploit
Metasploit
added 2020/08/18 5:41 p.m.44 views

D-Link Central WiFi Manager CWM(100) RCE

This module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM100 versions below v1.03R0100BETA6. The vulnerability exists in the username cookie, which is passed to eval without being sanitized. Dangerous functions are not disabled by default, which makes it possible ...

9.8CVSS9.6AI score0.80682EPSS
Exploits4
UbuntuCve
UbuntuCve
added 2020/08/14 7:15 p.m.35 views

CVE-2020-15693

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...

6.5CVSS6.6AI score0.02048EPSS
Exploits1References3
OSV
OSV
added 2020/08/14 7:15 p.m.17 views

UBUNTU-CVE-2020-15693

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...

6.5CVSS6.6AI score0.02048EPSS
Exploits1References4
OSV
OSV
added 2020/08/14 7:15 p.m.1 views

UBUNTU-CVE-2020-15694

In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get.contentLength does not raise any error if a malicious server provides a negative Content-Length...

7.5CVSS7.1AI score0.02331EPSS
Exploits1References4
0daydb
0daydb
added 2020/06/28 1:9 a.m.301 views

Inductive Automation Ignition - Remote Code Execution

This Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA... This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Inductive Automation Ignition...

6.8CVSS0.6AI score0.73317EPSS
Exploits14
Fedora
Fedora
added 2020/06/23 1:14 a.m.28 views

[SECURITY] Fedora 31 Update: python-httplib2-0.18.1-3.fc31

A comprehensive HTTP client library that supports many features left out of other HTTP libraries...

6.8CVSS0.5AI score0.02593EPSS
Exploits0
OpenVAS
OpenVAS
added 2020/06/23 12:0 a.m.33 views

Fedora: Security Advisory for python-httplib2 (FEDORA-2020-a7a15a9687)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.8CVSS6.9AI score0.02593EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/06/23 12:0 a.m.25 views

Fedora: Security Advisory for python-httplib2 (FEDORA-2020-37779a5c93)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.8CVSS6.9AI score0.02593EPSS
Exploits0References2
Prion
Prion
added 2020/06/19 9:15 p.m.15 views

Design/Logic Flaw

An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but i...

4.3CVSS8AI score0.03359EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/06/19 8:50 p.m.16 views

CVE-2020-14930

An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but i...

8.1AI score0.03359EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2020/06/18 12:0 a.m.753 views

Cayin CMS NTP Server 11.0 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cayin CMS NTP Server RCE', 'Description' = %q This module exploits an authenticated RCE in Cayin CMS MSFLICENSE, 'Author' = 'h00die', msf module...

0.2AI score0.33874EPSS
Exploits8
Fedora
Fedora
added 2020/06/16 1:32 a.m.31 views

[SECURITY] Fedora 32 Update: python-httplib2-0.18.1-3.fc32

A comprehensive HTTP client library that supports many features left out of other HTTP libraries...

6.8CVSS0.5AI score0.02593EPSS
Exploits0
CNVD
CNVD
added 2020/04/30 12:0 a.m.2 views

Microsoft Actions Http-Client Information Disclosure Vulnerability

Microsoft Actions Http-Client is the United States Microsoft Microsoft a lightweight HTTP client. An information disclosure vulnerability exists in Microsoft Actions Http-Client NPM @actions/http-client versions prior to 1.0.8. The vulnerability stems from a configuration or other error in the...

7.5CVSS6AI score0.01737EPSS
Exploits0References1
NVD
NVD
added 2020/04/29 6:15 p.m.10 views

CVE-2020-11021

Actions Http-Client NPM @actions/http-client before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request...

7.5CVSS6.4AI score0.01737EPSS
Exploits0References3
OSV
OSV
added 2020/04/29 6:15 p.m.17 views

CVE-2020-11021

Actions Http-Client NPM @actions/http-client before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request...

7.5CVSS7.4AI score
Exploits0References3
Prion
Prion
added 2020/04/29 6:15 p.m.11 views

Authorization

Actions Http-Client NPM @actions/http-client before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request...

5CVSS7.3AI score0.01737EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/04/29 6:0 p.m.13 views

CVE-2020-11021 HTTP request which redirect to another hostname do not strip authorization header in Actions Http-Client

Actions Http-Client NPM @actions/http-client before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization header 2. that request...

6.3CVSS7.4AI score0.01737EPSS
Exploits0References3
CVE
CVE
added 2020/04/29 6:0 p.m.49 views

CVE-2020-11021

CVE-2020-11021 (Actions Http-Client) : The npm package @actions/http-client, prior to version 1.0.8, can disclose the Authorization header when a request with an Authorization header is redirected (302) to a different domain. The issue arises during redirects across hosts, allowing header leakage...

7.5CVSS6.5AI score0.01737EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/04/29 5:58 p.m.17 views

GHSA-9W6V-M7WP-JWG4 Http request which redirect to another hostname do not strip authorization header in @actions/http-client

Impact If consumers of the http-client: 1. make an http request with an authorization header 2. that request leads to a redirect 302 and 3. the redirect url redirects to another domain or hostname The authorization header will get passed to the other domain. Note that since this library is for...

6.3CVSS7.3AI score0.01737EPSS
Exploits0References5
Rows per page
Query Builder