57 matches found
CVE-2023-49862
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. This vulnerability is triggered by the downloadURLgifimage parameter...
Rudder Server SQLI Remote Code Execution
This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform (CDP). The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may le...
CRLF Injection
jodd-http is vulnerable to CRLF injection. The path function of HttpRequest.java does not URL-encode the path it is given, so an attacker who controls part of the query string can place \r\n sequences in it and inject a malicious payload into the raw TCP stream the client sends...
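To make the mechanism concrete, here is an added example (not jodd-http's code): a toy HTTP client that writes the path verbatim into the request line, beside a hardened builder that percent-encodes the path and refuses header values containing CR, LF or NUL. The hostname, header names and the attacker-controlled query are constructed for the illustration.

```python
from urllib.parse import quote

CRLF = "\r\n"

# Constructed attacker-controlled input: a search term carrying CR/LF.
# In the naive client the text after the first CRLF lands on its own line
# and is read as a header (X-Injected); "X-Pad:" soaks up the " HTTP/1.1"
# that the client appends after the path.
ATTACKER_PATH = "/search?q=shoes HTTP/1.1\r\nX-Injected: yes\r\nX-Pad:"


def build_request_naive(host: str, path: str, headers: dict) -> bytes:
    """Vulnerable: path and header values are written verbatim into the
    request, as a client that skips URL-encoding of the path would."""
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return (CRLF.join(lines) + CRLF + CRLF).encode("latin-1")


def build_request_safe(host: str, path: str, headers: dict) -> bytes:
    """Hardened: percent-encode the path/query, and refuse (rather than
    try to clean) any header value carrying CR, LF or NUL."""
    for name, value in [("Host", host), *headers.items()]:
        if any(c in value for c in "\r\n\x00"):
            raise ValueError(f"control character in header {name!r}")
    # '/', '?', '=' and '&' stay literal so a query string still works;
    # everything else outside the unreserved set, including \r, \n and
    # space, becomes %XX.
    safe_path = quote(path, safe="/?=&")
    lines = [f"GET {safe_path} HTTP/1.1", f"Host: {host}"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return (CRLF.join(lines) + CRLF + CRLF).encode("latin-1")


def header_lines(raw: bytes) -> list:
    """The header lines a server would parse out of this request head."""
    head = raw.decode("latin-1").split(CRLF + CRLF, 1)[0]
    return head.split(CRLF)[1:]


def safe_builder_rejects(host: str, path: str, headers: dict) -> bool:
    """True if the hardened builder refuses this input."""
    try:
        build_request_safe(host, path, headers)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    ua = {"User-Agent": "demo"}
    print(build_request_naive("example.test", ATTACKER_PATH, ua).decode())
    print(build_request_safe("example.test", ATTACKER_PATH, ua).decode())
```

Run it and compare the two request heads: the naive one carries `X-Injected: yes` as a header line of its own, the hardened one carries the same bytes as `%0D%0A` inside the query string, where the server treats them as data.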
GHSA-2655-Q453-22F9 Django Allows Arbitrary URL Generation
The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via a Host header carrying crafted username and password (userinfo) components...
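The defence for this class of bug is to validate the Host header against a strict grammar and an allowlist before it is used to build any absolute URL (password-reset links, redirects), which is the direction Django later took with ALLOWED_HOSTS. The following is an added example written for this page, not Django's own get_host(); the allowlist and the header values it checks are constructed.

```python
import re
from typing import Optional

# Constructed allowlist of hostnames this deployment answers for.
ALLOWED_HOSTS = {"app.example.test", "www.example.test"}

# A hostname or a bracketed IPv6 literal, then an optional port, and
# nothing else: no '@' (so no userinfo), no '/', no spaces, no control
# characters.
_HOST_RE = re.compile(r"([a-z0-9][a-z0-9.-]*|\[[0-9a-f:.]+\])(:\d{1,5})?", re.I)


class DisallowedHost(ValueError):
    pass


def validated_host(header_value: Optional[str], allowed=ALLOWED_HOSTS) -> str:
    """Return 'host' or 'host:port' in lower case, or raise DisallowedHost."""
    if not header_value:
        raise DisallowedHost("missing Host header")
    # fullmatch, not match() with '$': '$' also matches before a trailing
    # newline, which would let 'app.example.test\n' through.
    m = _HOST_RE.fullmatch(header_value)
    if not m:
        raise DisallowedHost(f"malformed Host header: {header_value!r}")
    host, port = m.group(1).lower(), m.group(2) or ""
    if host not in allowed:
        raise DisallowedHost(f"host not in allowlist: {host!r}")
    return host + port


def is_allowed(header_value: Optional[str]) -> bool:
    try:
        validated_host(header_value)
    except DisallowedHost:
        return False
    return True


def absolute_url(header_value: Optional[str], path: str) -> str:
    """Build a link (for example a password-reset URL) only from a
    validated host, never from the raw header value."""
    return f"https://{validated_host(header_value)}{path}"


if __name__ == "__main__":
    for h in ["app.example.test", "app.example.test@attacker.test",
              "user:pass@app.example.test", "attacker.test"]:
        print(f"{h!r:40} allowed={is_allowed(h)}")
```

The grammar rejects the userinfo trick (`app.example.test@attacker.test`, `user:pass@app.example.test`) before the allowlist is even consulted, so a reset link built by absolute_url() can only ever point at a host the operator listed.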
GHSA-P7W9-8MXW-P3G7 Improper Certificate Validation in Hutool
Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation...
CVE-2022-22885
Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation...
Design/Logic Flaw
Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation...
CVE-2022-22885
CVE-2022-22885 affects Hutool v5.7.18: Hutool's HttpRequest ignores TLS/SSL certificate validation, a trust-management weakness that lets a network attacker carry out a MITM attack against any connection the client makes. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8; CVSS 2.0 base score 7.5. Exploitation details ...
PT-2022-15716 · Hutool · Hutool
Name of the Vulnerable Software and Affected Versions: Hutool version 5.7.18 Description: The issue concerns the ignoring of all TLS/SSL certificate validation in Hutool's HttpRequest. Recommendations: For Hutool version 5.7.18, update to a version that properly validates TLS/SSL certificates to...
Hutool security vulnerability
Hutool is a small but comprehensive Java tools library from the Chinese Dromara community. Hutool suffers from a trust-management vulnerability: Hutool v5.7.18's HttpRequest was found to ignore all TLS/SSL certificate validation...
Lantronix PremierWave 2050 Web Manager SslGenerateCertificate OS command injection vulnerability
Talos Vulnerability Report TALOS-2021-1332 Lantronix PremierWave 2050 Web Manager SslGenerateCertificate OS command injection vulnerability November 15, 2021 CVE Number CVE-2021-21888 Summary An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of...
U.S. Dept Of Defense: https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD
Hi team, while testing I found a host IP https://█████████ which belongs to DoD ██████████.mil running the web services interface of Cisco ASA/FTD, and it is vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD. An attacker could exploit this vulnerability by sending ...
CVE-2013-5657
AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request...
Design/Logic Flaw
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers t...
CVE-2011-3624
CVE-2011-3624 affects WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier. The vulnerability arises because these methods do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers, which could allow remote attackers to inject arbitrary text into log files or to byp...
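The two consequences named for the WEBrick entries, log injection and bypass of address parsing, come from treating X-Forwarded-* values as trustworthy text. The following is an added example (not WEBrick's or Ruby's code) of how an application behind a known reverse proxy can do both safely: derive the client address by walking X-Forwarded-For from the proxy-appended end, and escape control characters before a header value reaches a log line. The proxy network, header values and log format are constructed.

```python
import ipaddress
from typing import Optional

# Constructed: the reverse proxy in front of the app lives in 10.0.0.0/8.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _is_trusted(addr) -> bool:
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr: str, xff: Optional[str]) -> str:
    """Derive the client address from X-Forwarded-For without letting the
    client choose it: the header only counts when the TCP peer is one of
    our proxies, and the chain is walked from the right (the hop our proxy
    appended) back to the first address that is not a trusted proxy."""
    peer = ipaddress.ip_address(remote_addr)
    if not xff or not _is_trusted(peer):
        return remote_addr
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return remote_addr   # junk in the chain: trust none of it
        if not _is_trusted(addr):
            return str(addr)
    return remote_addr           # every hop was a proxy of ours


def log_safe(value: str, max_len: int = 200) -> str:
    """Escape CR, LF and other control characters so a header value cannot
    forge an extra log line, and cap the length."""
    out = []
    for ch in value[:max_len]:
        code = ord(ch)
        out.append(f"\\x{code:02x}" if code < 0x20 or code == 0x7F else ch)
    return "".join(out)


def access_log_line(remote_addr: str, headers: dict) -> str:
    """One access-log record whose header-derived fields are escaped."""
    xff = headers.get("X-Forwarded-For")
    return (f"client={client_ip(remote_addr, xff)} "
            f'xff="{log_safe(xff or "-")}" '
            f'host="{log_safe(headers.get("Host", "-"))}"')


if __name__ == "__main__":
    forged = {"X-Forwarded-For": "203.0.113.9\r\nFAKE login ok",
              "Host": "app.example.test"}
    print(access_log_line("10.1.2.3", forged))
    print(client_ip("10.1.2.3", "1.2.3.4, 203.0.113.9"))
```

A client that prepends its own value (`1.2.3.4, 203.0.113.9` after the proxy appends the real peer) still resolves to 203.0.113.9, and a value that is not even an address stops the walk rather than being taken at face value.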
XooDigital - 'p' SQL Injection
Exploit Title: XooDigital - 'p' SQL Injection Date: 26.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://xooscripts.com/product/digital-download-protection-script.html Demo Site: http://xooscripts.com/demos/xoodigital/ Version: Latest Tested on: Kali Linux CVE: N/A ----- PoC :...