1621 matches found

CVE
added 2019/11/12 1:4 p.m., 59 views

CVE-2014-7143

CVE-2014-7143 relates to Python Twisted 14.0 where the HTTP client does not respect trustRoot. Connected documents consistently describe this flaw as related to trustRoot not being respected in the Twisted 14.0 HTTP client. The available material does not provide explicit affected versions beyond...

7.5 CVSS, 7.4 AI score, 0.00351 EPSS
Exploits 0, References 4, Affected Software 1

Debian CVE
added 2019/11/12 1:4 p.m., 17 views

CVE-2014-7143

Python Twisted 14.0 trustRoot is not respected in HTTP client...

7.5 CVSS, 0.2 AI score, 0.00351 EPSS
Exploits 0

Exploit DB
added 2019/11/12 12:0 a.m., 223 views

Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit)

Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft...

9 CVSS, 9 AI score, 0.93854 EPSS
Exploits 10

Veracode
added 2019/11/05 7:28 a.m., 15 views

Information Disclosure

play-ws is vulnerable to information disclosure. The vulnerability exists through a regression caused by async-http-client that causes HTTP CONNECT requests set to an outbound HTTPS requests when using an authenticated proxy server...

7.5 CVSS, 0.4 AI score, 0.0015 EPSS
Exploits 0, References 5, Affected Software 1

Metasploit
added 2019/11/01 11:38 p.m., 23 views

FusionPBX Command exec.php Command Execution

This module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with execview permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This module has bee...

1 AI score
Exploits 0

Veracode
added 2019/10/11 5:4 a.m., 8 views

XML External Entity (XXE)

async-http-client is vulnerable to XML external entity attacks. The external DTD support in the Webdav module is not disabled, allowing attackers to access and retrieve system files, submit requests on behalf of the server, or potentially cause a denial of service...

6.3 AI score
Exploits 0

Tenable Nessus
added 2019/10/10 12:0 a.m., 174 views

Cisco IOS XE Software HTTP Client Information Disclosure Vulnerability (cisco-sa-20190925-http-client)

According to its self-reported version, IOS XE Software is affected by a vulnerability in the HTTP client feature that allows an unauthenticated, remote attacker to read and modify data that should normally be sent via an encrypted channel. This vulnerability is due to TCP port information not...

7.4 CVSS, 6 AI score, 0.00243 EPSS
Exploits 0, References 3

Tenable Nessus
added 2019/10/10 12:0 a.m., 173 views

Cisco IOS HTTP Client Information Disclosure Vulnerability (cisco-sa-20190925-http-client)

According to its self-reported version, IOS is affected by a vulnerability in the HTTP client feature that allows an unauthenticated, remote attacker to read and modify data that should normally be sent via an encrypted channel. This vulnerability is due to TCP port information not being consider...

7.4 CVSS, 6 AI score, 0.00243 EPSS
Exploits 0, References 3

Ubuntu
added 2019/10/09 5:54 p.m., 87 views

USN-4152-1: libsoup vulnerability

It was discovered that libsoup incorrectly handled parsing certain NTLM messages. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause a denial of service...

9.8 CVSS, 8 AI score, 0.00937 EPSS
Exploits 0

RedhatCVE
added 2019/09/27 2:20 p.m., 26 views

CVE-2019-15052

A flaw was found in Gradle, where the HTTP client sends credentials originally meant for the configured host, to all subsequent hosts that the request redirects. This flaw allows a leak of the authentication token to external entities...

9.8 CVSS, 1 AI score, 0.00307 EPSS
Exploits 1, References 3

NVD
added 2019/09/25 9:15 p.m., 12 views

CVE-2019-12665

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new...

7.4 CVSS, 5.8 AI score, 0.00243 EPSS
Exploits 0, References 1

Prion
added 2019/09/25 9:15 p.m., 18 views

Design/Logic Flaw

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new...

5.8 CVSS, 7.3 AI score, 0.00243 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2019/09/25 8:15 p.m., 92 views

CVE-2019-12665

CVE-2019-12665 concerns Cisco IOS and IOS XE HTTP Client Information Disclosure. The issue arises when matching new HTTP requests to persistent connections, where TCP port information is not considered, enabling a man-in-the-middle to read or modify data that should be encrypted. Affected product...

7.4 CVSS, 6 AI score, 0.00243 EPSS
Exploits 0, References 1, Affected Software 1

Cisco
added 2019/09/25 4:0 p.m., 253 views

Cisco IOS and IOS XE Software HTTP Client Information Disclosure Vulnerability

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new...

4.8 CVSS, 0.6 AI score, 0.00243 EPSS
Exploits 0, References 1

NVD
added 2019/08/14 8:15 p.m., 23 views

CVE-2019-15052

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007...

9.8 CVSS, 7.9 AI score, 0.00307 EPSS
Exploits 1, References 3

OSV
added 2019/08/14 8:15 p.m., 1 views

DEBIAN-CVE-2019-15052

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007...

9.8 CVSS, 7.3 AI score, 0.00307 EPSS
Exploits 1, References 1

OSV
added 2019/08/14 8:15 p.m., 25 views

CVE-2019-15052

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007...

9.8 CVSS, 6.9 AI score
Exploits 0, References 3

UbuntuCve
added 2019/08/14 8:15 p.m., 40 views

CVE-2019-15052

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007...

9.8 CVSS, 7.2 AI score, 0.00307 EPSS
Exploits 1, References 4

Prion
added 2019/08/14 8:15 p.m., 22 views

Design/Logic Flaw

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007...

5 CVSS, 7.7 AI score, 0.03854 EPSS
Exploits 1, References 3, Affected Software 1

CVE
added 2019/08/14 7:38 p.m., 91 views

CVE-2019-15052

CVE-2019-15052: The HTTP client in Gradle before 5.6 may leak credentials by sending authentication data intended for the configured host to subsequent hosts when a 30x redirect occurs. This mirrors the behavior described for CVE-2018-1000007 and is limited to the Gradle HTTP client as described...

9.8 CVSS, 7.9 AI score, 0.00307 EPSS
Exploits 1, References 3, Affected Software 1